There is a step using a corrupted ArrayBuffer for AAR/W to get a signed function pointer, but it was omitted in the slides. Am I right?
-
-
-
Yeah there was quite a bit omitted :'D the step is basically using -[CNFileServices dlsym::] to get signed C func pointers, then using -[NSInvocation invokeUsingIMP] to call them, R/W necessary to bridge stuff into JS and construct more fake NSInvocations
-
-
A single bug exploited to defeat all protections and get RCE! Impressive
@5aelo Curious how the bug was found? Is it pure manual code review or a mix of code review and some fuzzing or taint flow analysis?
-
-
-
I was just about to ask you about the blog post! Thanks for sharing this amazing work with us at #36c3, looking forward to the blog post and more amazing exploits <3
-
-
-
Thank you and it is very detailed and impressive.
-
-
-
Thanks for sharing
-
-
-
Thanks
-
-
-
Awesome presentation! I am looking forward to the accompanying blog post and thank you for sharing!
-
-
-
Are u releasing PoC? Now that the bug is fixed?
-
-
-
Great talk, thank you