Difference between revisions of "Ndrv setspec() Integer Overflow"

From The iPhone Wiki
m (Swapped links)
(Slides added to keep things simple)
Line 5: Line 5:
 
This exploit was talked about by [[I0n1c]] at Blackhat US 2011 in his [http://www.slideshare.net/i0n1c/blackhat-usa-2011-stefan-esser-ios-kernel-exploitation Exploiting The iOS Kernel] presentation starting at slide 41.
 
This exploit was talked about by [[I0n1c]] at Blackhat US 2011 in his [http://www.slideshare.net/i0n1c/blackhat-usa-2011-stefan-esser-ios-kernel-exploitation Exploiting The iOS Kernel] presentation starting at slide 41.
   
  +
[[Image:I0n1c-slide42.jpg]]
  +
[[Image:I0n1c-slide43.jpg]]
  +
[[Image:I0n1c-slide44.jpg]]
  +
[[Image:I0n1c-slide45.jpg]]
  +
[[Image:I0n1c-slide46.jpg]]
 
[[Category:Exploits]]
 
[[Category:Exploits]]
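Review bot: the context line says the discussion of this exploit starts at slide 41, but the added images begin at I0n1c-slide42.jpg; either add [[Image:I0n1c-slide41.jpg]] ahead of the others or change the sentence to say the slides shown start at 42. The images are also inserted without captions, so a reader cannot tell which slide covers the overflow itself and which cover the exploitation steps; a short caption per image would make the sequence usable without opening the linked deck.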

Revision as of 05:23, 23 September 2011

The ndrv_setspec() Integer Overflow is a vulnerability in the iOS kernel. i0n1c used it to build the first publicly released "untethering" exploit that bypassed Apple's ASLR implementation.

Vulnerability

This exploit was talked about by I0n1c at Blackhat US 2011 in his Exploiting The iOS Kernel presentation starting at slide 41.

[Embedded slide images from the presentation: I0n1c-slide42.jpg through I0n1c-slide46.jpg]