The iPhone Wiki is no longer updated. Visit this article on The Apple Wiki for current information. |
Difference between revisions of "Ndrv setspec() Integer Overflow"
(Slides added to keep things simple) |
|||
Line 1: | Line 1: | ||
+ | {{lowercase}} |
||
− | {{DISPLAYTITLE:ndrv_setspec() Integer Overflow}} |
||
The '''ndrv_setspec() Integer Overflow''' is a vulnerability found in the kernel. [[i0n1c]] used this to make the first (publicly released) "untethering" exploit that bypassed Apple's [[Wikipedia:Address space layout randomization|ASLR]] implementation. |
The '''ndrv_setspec() Integer Overflow''' is a vulnerability found in the kernel. [[i0n1c]] used this to make the first (publicly released) "untethering" exploit that bypassed Apple's [[Wikipedia:Address space layout randomization|ASLR]] implementation. |
||
== Vulnerability == |
== Vulnerability == |
||
− | This exploit was talked about by [[ |
+ | This exploit was talked about by [[i0n1c]] at [[Timeline|Blackhat US 2011]] in his [http://www.slideshare.net/i0n1c/blackhat-usa-2011-stefan-esser-ios-kernel-exploitation Exploiting The iOS Kernel] presentation starting at slide 41. |
+ | |||
+ | <gallery header="Slides"> |
||
+ | File:I0n1c-slide42.jpg|Slide #42 |
||
+ | File:I0n1c-slide43.jpg|Slide #43 |
||
+ | File:I0n1c-slide44.jpg|Slide #44 |
||
+ | File:I0n1c-slide45.jpg|Slide #45 |
||
+ | File:I0n1c-slide46.jpg|Slide #46 |
||
+ | </gallery> |
||
− | [[Image:I0n1c-slide42.jpg]] |
||
− | [[Image:I0n1c-slide43.jpg]] |
||
− | [[Image:I0n1c-slide44.jpg]] |
||
− | [[Image:I0n1c-slide45.jpg]] |
||
− | [[Image:I0n1c-slide46.jpg]] |
||
[[Category:Exploits]] |
[[Category:Exploits]] |
Revision as of 17:42, 4 October 2012
The ndrv_setspec() Integer Overflow is a vulnerability found in the kernel. i0n1c used this to make the first (publicly released) "untethering" exploit that bypassed Apple's ASLR implementation.
Vulnerability
This exploit was talked about by i0n1c at Blackhat US 2011 in his Exploiting The iOS Kernel presentation starting at slide 41.