Difference between revisions of "Posix spawn kernel information leak"
Ra1ningSn0w (talk | contribs) |
Ra1ningSn0w (talk | contribs) |
||
Line 4: | Line 4: | ||
There is a vulnerability in the method posix_spawn() in the XNU kernel. When it is used with the flag _POSIX_SPAWN_DISABLE_ASLR, it disables ASLR for the process running. On x86_64 processes it also disables heap randomization. |
There is a vulnerability in the method posix_spawn() in the XNU kernel. When it is used with the flag _POSIX_SPAWN_DISABLE_ASLR, it disables ASLR for the process running. On x86_64 processes it also disables heap randomization. |
||
− | Furthermore the flag _POSIX_SPAWN_ALLOW_DATA_EXEC enables execution on the heap |
+ | <br/>Furthermore, the flag _POSIX_SPAWN_ALLOW_DATA_EXEC enables execution on the heap. |
== '''Credit''' == |
== '''Credit''' == |
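Review bot: the added line opens with a literal <br/> to force the break before "Furthermore"; a blank line between the two paragraphs is the usual wikitext way to separate them and keeps inline HTML out of the article. The comma and the closing period are good fixes. The sentence still does not say which process the _POSIX_SPAWN_ALLOW_DATA_EXEC flag affects, while the preceding paragraph does say this for _POSIX_SPAWN_DISABLE_ASLR, so consider stating it here as well.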
Revision as of 19:13, 4 January 2014
Vulnerability used in p0sixspwn
Vulnerability
There is a vulnerability in the posix_spawn() function in the XNU kernel. When it is called with the flag _POSIX_SPAWN_DISABLE_ASLR, ASLR is disabled for the process being run. For x86_64 processes, heap randomization is disabled as well.
Furthermore, the flag _POSIX_SPAWN_ALLOW_DATA_EXEC enables execution on the heap.