The iPhone Wiki is no longer updated. Visit this article on The Apple Wiki for current information.

OpenSharedCacheFile

From The iPhone Wiki
Revision as of 00:54, 23 March 2015 by Sjeezpwn (talk | contribs)
Jump to: navigation, search

The OpenSharedCacheFile bug was found by i0n1c, what this bug is just a simple stack overflow

Opensharedcachefile() function

int openSharedCacheFile()
{
  char path[1024];
  strcpy(path, sSharedCacheDir);
  strcat(path, "/");
  strcat(path, DYLD_SHARED_CACHE_BASE_NAME ARCH_NAME);
  return ::open(path, O_RDONLY);
}

Triggering the vuln =

To trigger it, run the following 

DYLD_SHARED_CACHE_DIR = “A” * 2000 \
DYLD_SHARED_REGION = private /bin/launchctl

This will overflow the PC register making it a stack overflow.

Retrieved from "https://www.theiphonewiki.com/w/index.php?title=OpenSharedCacheFile&oldid=45134"