Overlapping Segment Attack

This is CVE-2013-0977. This vulnerability was first mentioned by i0n1c[1][2][3]: "So iOS 6.1.3 beta 2 also fixes the Overlapping Segment Attack against dyld used in evasi0n." and "The Accuvant Labs analysis is incomplete and does not mention this. They do not realize / mention that it is not possible to have a codeless dylib without exploiting dyld."

So a deeper investigation is necessary here.

Apple's description in the iOS 6.1.3 security fixes:

dyld
Impact: A local user may be able to execute unsigned code
Description: A state management issue existed in the handling of Mach-O executable files with overlapping segments. This issue was addressed by refusing to load an executable with overlapping segments.

See also

• AMFID code signing evasion

References

• Accuvant Labs analysis of evasi0n
• Apple's iOS 6.1.3 security fixes
• Apple's iOS 5.2.1 (Apple TV) security fixes
• NIST Reference CVE-2013-0977
• Mitre Reference CVE-2013-0977