Difference between revisions of "Overlapping Segment Attack"

From The iPhone Wiki
Latest revision as of 22:34, 30 December 2013

This is CVE-2013-0977. This vulnerability was first mentioned by i0n1c (https://twitter.com/i0n1c/status/306132590795051008, https://twitter.com/i0n1c/status/306165655877582848, https://twitter.com/i0n1c/status/306166203964071936): "So iOS 6.1.3 beta 2 also fixes the Overlapping Segment Attack against dyld used in evasi0n." and "The Accuvant Labs analysis is incomplete and does not mention this. They do not realize / mention that it is not possible to have a codeless dylib without exploiting dyld."

So a deeper investigation is necessary here.

Apple's description in the iOS 6.1.3 security fixes:

dyld
Impact: A local user may be able to execute unsigned code
Description: A state management issue existed in the handling of Mach-O executable files with overlapping segments. This issue was addressed by refusing to load an executable with overlapping segments.
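As an added illustration of the check Apple describes (this is example code written for this page, not code from the wiki, from dyld, or from Apple), the following Python script parses the LC_SEGMENT_64 load commands of a 64-bit Mach-O image and reports every pair of segments whose file ranges or virtual-memory ranges intersect. The two sample images are constructed inline rather than taken from any real binary; the header and segment layouts follow the public mach-o/loader.h definitions, and the rejection rule (refuse the image if any two segments overlap in either the file or in memory) is this example's own reading of the advisory text, not dyld's actual implementation.

```python
import struct

# Layouts from the public <mach-o/loader.h> definitions (little-endian)
MH_MAGIC_64 = 0xFEEDFACF
LC_SEGMENT_64 = 0x19
MH_HEADER_64 = struct.Struct("<IiiIIIII")         # mach_header_64, 32 bytes
SEGMENT_CMD_64 = struct.Struct("<II16sQQQQiiII")  # segment_command_64, 72 bytes


def build_macho64(segments):
    """Construct a minimal 64-bit Mach-O image holding only LC_SEGMENT_64
    load commands (constructed test input, not a real executable).
    segments: list of (name, vmaddr, vmsize, fileoff, filesize)."""
    cmds = b"".join(
        SEGMENT_CMD_64.pack(LC_SEGMENT_64, SEGMENT_CMD_64.size,
                            name.encode("ascii").ljust(16, b"\0"),
                            vmaddr, vmsize, fileoff, filesize,
                            7, 5, 0, 0)        # maxprot rwx, initprot r-x, no sections
        for name, vmaddr, vmsize, fileoff, filesize in segments)
    header = MH_HEADER_64.pack(MH_MAGIC_64, 0x0100000C, 0, 2,   # CPU_TYPE_ARM64, MH_EXECUTE
                               len(segments), len(cmds), 0, 0)
    return header + cmds


def parse_segments(data):
    """Walk the load-command table and return (name, vmaddr, vmsize, fileoff, filesize)
    for every LC_SEGMENT_64, bounds-checking the table itself as it goes."""
    magic, _, _, _, ncmds, sizeofcmds, _, _ = MH_HEADER_64.unpack_from(data, 0)
    if magic != MH_MAGIC_64:
        raise ValueError("not a little-endian 64-bit Mach-O image")
    off = MH_HEADER_64.size
    end = off + sizeofcmds
    if end > len(data):
        raise ValueError("load-command table extends past end of image")
    segments = []
    for _ in range(ncmds):
        if off + 8 > end:
            raise ValueError("truncated load command")
        cmd, cmdsize = struct.unpack_from("<II", data, off)
        if cmdsize < 8 or off + cmdsize > end:
            raise ValueError("bad cmdsize")
        if cmd == LC_SEGMENT_64:
            if cmdsize < SEGMENT_CMD_64.size:
                raise ValueError("short LC_SEGMENT_64")
            _, _, name, vmaddr, vmsize, fileoff, filesize, *_ = SEGMENT_CMD_64.unpack_from(data, off)
            segments.append((name.rstrip(b"\0").decode("ascii"), vmaddr, vmsize, fileoff, filesize))
        off += cmdsize
    return segments


def _ranges_intersect(a_start, a_len, b_start, b_len):
    """Half-open interval intersection; zero-length ranges never intersect."""
    return bool(a_len and b_len and a_start < b_start + b_len and b_start < a_start + a_len)


def find_overlaps(segments):
    """Return ("file" | "vm", seg_a, seg_b) for every pair of segments that overlap."""
    problems = []
    for i, a in enumerate(segments):
        for b in segments[i + 1:]:
            if _ranges_intersect(a[3], a[4], b[3], b[4]):   # fileoff / filesize
                problems.append(("file", a[0], b[0]))
            if _ranges_intersect(a[1], a[2], b[1], b[2]):   # vmaddr / vmsize
                problems.append(("vm", a[0], b[0]))
    return problems


def has_overlapping_segments(data):
    """The policy the advisory describes: refuse any image whose segments overlap."""
    return bool(find_overlaps(parse_segments(data)))


# Constructed sample images: a well-formed layout, and one where __DATA's file
# range (0x800..0x1800) is carved out of the middle of __TEXT (0x0..0x1000).
CLEAN_IMAGE = build_macho64([
    ("__PAGEZERO", 0x0,         0x100000000, 0x0,    0x0),
    ("__TEXT",     0x100000000, 0x1000,      0x0,    0x1000),
    ("__LINKEDIT", 0x100001000, 0x1000,      0x1000, 0x1000),
])
OVERLAPPING_IMAGE = build_macho64([
    ("__PAGEZERO", 0x0,         0x100000000, 0x0,    0x0),
    ("__TEXT",     0x100000000, 0x1000,      0x0,    0x1000),
    ("__DATA",     0x100001000, 0x1000,      0x800,  0x1000),
])

if __name__ == "__main__":
    for label, image in (("clean", CLEAN_IMAGE), ("overlapping", OVERLAPPING_IMAGE)):
        verdict = "REJECT" if has_overlapping_segments(image) else "load"
        print(label, "->", verdict, find_overlaps(parse_segments(image)))
```

The check is deliberately run before anything is mapped: the point of the advisory's fix is that the loader's decision is made from the load commands alone, so a second segment cannot later remap bytes that an earlier segment's validation already covered. The same parser can be pointed at an on-disk file by passing its bytes to has_overlapping_segments.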

See also

References

* Accuvant Labs analysis of evasi0n: http://blog.accuvant.com/bthomasaccuvant/evasi0n-jailbreaks-userland-component/
* Apple's iOS 6.1.3 security fixes: http://support.apple.com/kb/HT5704
* Apple's iOS 5.2.1 (Apple TV) security fixes: http://support.apple.com/kb/HT5702
* NIST Reference CVE-2013-0977: http://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2013-0977
* Mitre Reference CVE-2013-0977: http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2013-0977

Category: Exploits