IOUSBDeviceFamily Vulnerability
This kernel vulnerability comes from the com.apple.iokit.IOUSBDeviceInterface driver. Several of its methods accept a pipe object pointer from user space but do not validate that pointer beyond checking that it is non-null. An application that can communicate with USB devices (one holding the com.apple.security.device.usb entitlement) can call IOUSBDeviceInterface functions directly and pass them a malformed pipe object, which can result in arbitrary code execution if the memory referenced by the supplied pipe object pointer can be controlled from user space. evasi0n uses function 15 (stallPipe) for exploitation.
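The bug pattern above, as an added illustration that is not the driver's code or evasi0n's: a hypothetical method handler that dereferences a caller-supplied pipe pointer after only a null check, beside a hardened version that takes an index into a kernel-owned pipe table instead. The struct layout, table, and function names are all assumptions made for this example.

```c
#include <stddef.h>
#include <stdint.h>

/* Hypothetical pipe object; the real IOUSBDeviceFamily layout is not on the page. */
typedef struct pipe_object {
    uint32_t endpoint;
    int (*stall)(struct pipe_object *self);  /* method invoked through the object */
} pipe_object_t;

/* Kernel-owned table: the only pipe objects the driver should ever act on. */
#define MAX_PIPES 4
static pipe_object_t g_pipes[MAX_PIPES];

static int real_stall(pipe_object_t *self) {
    return (int)self->endpoint;  /* stand-in for the hardware stall; reports the endpoint */
}

/* Populate two slots; the remaining slots stay unused (stall == NULL). */
void init_pipes(void) {
    for (uint32_t i = 0; i < MAX_PIPES; i++) {
        g_pipes[i].endpoint = i + 1;
        g_pipes[i].stall = (i < 2) ? real_stall : NULL;
    }
}

/* Vulnerable pattern described on the page: the method accepts a raw pointer
 * from user space and only checks that it is non-null before dereferencing it,
 * so any caller-supplied object, including its function pointer, is acted on. */
int stall_pipe_vulnerable(pipe_object_t *p) {
    if (p == NULL)
        return -1;
    return p->stall(p);
}

/* Hardened pattern: user space names a pipe by index and the driver resolves
 * it against its own table, so no user-controlled pointer is ever dereferenced. */
int stall_pipe_hardened(uint32_t pipe_index) {
    if (pipe_index >= MAX_PIPES)
        return -1;                      /* out of range */
    pipe_object_t *p = &g_pipes[pipe_index];
    if (p->stall == NULL)
        return -1;                      /* slot not in use */
    return p->stall(p);
}
```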
TODO: Describe evasi0n exploitation in detail here.
See also
References
- IOUSBDeviceFamily on iphonedevwiki (missing in this wiki!)
- Analysis by kernelpool