Difference between revisions of "Posix spawn kernel information leak"

From The iPhone Wiki
(Created page with " == Vulnerability == There is a vulnerability in the method posix_spawn() in the XNU kernel. When it is used with the flag _POSIX_SPAWN_DISABLE_ASLR, it disables ASLR for the...")
 
Line 1: Line 1:
   
== Vulnerability ==
+
'''Vulnerability'''
   
 
There is a vulnerability in the method posix_spawn() in the XNU kernel. When it is used with the flag _POSIX_SPAWN_DISABLE_ASLR, it disables ASLR for the process running. On x86_64 processes it also disables heap randomization.
 
There is a vulnerability in the method posix_spawn() in the XNU kernel. When it is used with the flag _POSIX_SPAWN_DISABLE_ASLR, it disables ASLR for the process running. On x86_64 processes it also disables heap randomization.
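Review bot: Replacing "== Vulnerability ==" with "'''Vulnerability'''" at the top of this hunk turns a section heading into bold body text, so the section loses its anchor and section edit link and will not appear in any table of contents. Suggest keeping the "== Vulnerability ==" heading markup; if the aim is a smaller heading, a lower heading level does that without dropping the section structure.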
Line 6: Line 6:
   
   
== Credit ==
+
'''Credit'''
   
 
[[I0n1c]]
 
[[I0n1c]]
   
  +
'''Links'''
 
== Links ==
 
   
 
[http://antid0te.com/syscan_2013/SyScan2013_Mountain_Lion_iOS_Vulnerabilities_Garage_Sale_Whitepaper.pdf Writeup by i0n1c p. 4 ff.]
 
[http://antid0te.com/syscan_2013/SyScan2013_Mountain_Lion_iOS_Vulnerabilities_Garage_Sale_Whitepaper.pdf Writeup by i0n1c p. 4 ff.]

Revision as of 19:09, 4 January 2014

Vulnerability

There is a vulnerability in the posix_spawn() function in the XNU kernel. When it is used with the flag _POSIX_SPAWN_DISABLE_ASLR, it disables ASLR for the spawned process. On x86_64 processes it also disables heap randomization. Furthermore, the flag _POSIX_SPAWN_ALLOW_DATA_EXEC enables execution on the heap.


Credit

I0n1c

Links

Writeup by i0n1c p. 4 ff.