Posix spawn kernel information leak

From The iPhone Wiki
Revision as of 19:08, 4 January 2014 by Ra1ningSn0w (talk | contribs) (Created page with " == Vulnerability == There is a vulnerability in the method posix_spawn() in the XNU kernel. When it is used with the flag _POSIX_SPAWN_DISABLE_ASLR, it disables ASLR for the...")

Vulnerability

There is a vulnerability in the posix_spawn() system call in the XNU kernel. When it is called with the flag _POSIX_SPAWN_DISABLE_ASLR, it disables ASLR for the newly spawned process. On x86_64 processes it also disables heap randomization. Furthermore, the flag _POSIX_SPAWN_ALLOW_DATA_EXEC enables code execution on the heap.


Credit

I0n1c


Links

Writeup by i0n1c, p. 4 ff.