iOS <=11.4.1 kernel bug: OSData::appendByte(s) Uint32 addition overflow for out of bounds bzero/bcopy. Patched in iOS 12.
Chance of exploitation? Very low. There doesn't seem to be a single codepath which fits the correct criteria (allows you to get both OSData::length & the inLength arg high enough to overflow). $10 PayPal to anyone who does happen to find a codepath though...
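The arithmetic the two tweets above describe, as an added example that is not from the thread and not XNU source: a model of OSData's 32-bit length/capacity bookkeeping in which the pre-iOS 12 `length + inLength` sum is allowed to wrap before the capacity check, beside a hardened version that refuses the append when the addition overflows. The struct, the `ensure_capacity` stand-in and the ~4 GiB starting length are assumptions chosen for illustration; no buffer is allocated, so the out-of-bounds bcopy/bzero is reported (as bytes past the end of the allocation) rather than performed.

```c
#include <stdbool.h>
#include <stdint.h>
#include <stdio.h>

/* Model of OSData's size bookkeeping for this bug class (added example,
 * not XNU source). length/capacity are 32-bit like the kernel's
 * unsigned int fields; no data buffer exists, so nothing is written. */
typedef struct {
    uint32_t length;    /* bytes in use */
    uint32_t capacity;  /* bytes allocated */
} osdata_model;

typedef struct {
    uint32_t new_size;       /* value the 32-bit addition produced */
    bool     would_write;    /* size check passed, bcopy/bzero would run */
    uint64_t bytes_past_end; /* how far the real write end exceeds capacity */
} append_verdict;

/* Assumed ensureCapacity stand-in: grows the object to the requested size. */
static void ensure_capacity(osdata_model *d, uint32_t want)
{
    if (want > d->capacity)
        d->capacity = want;
}

/* Pre-iOS 12 shape: newSize = length + inLength wraps modulo 2^32, so a
 * wrapped (small) newSize satisfies the capacity check while the copy of
 * inLength bytes starting at data[length] runs past the allocation. */
static append_verdict append_unchecked(osdata_model *d, uint32_t in_length)
{
    append_verdict v = {0};
    uint32_t new_size = d->length + in_length;   /* may wrap silently */
    if (new_size > d->capacity)
        ensure_capacity(d, new_size);

    /* the write that would follow: in_length bytes at offset length,
     * computed in 64 bits here to see where it really ends */
    uint64_t real_end = (uint64_t)d->length + in_length;
    v.new_size = new_size;
    v.would_write = true;
    v.bytes_past_end = real_end > d->capacity ? real_end - d->capacity : 0;
    d->length = new_size;   /* bookkeeping is also corrupted after a wrap */
    return v;
}

/* Hardened shape: refuse the append when the addition overflows, before
 * any capacity logic or copy runs. */
static append_verdict append_checked(osdata_model *d, uint32_t in_length)
{
    append_verdict v = {0};
    uint32_t new_size;
    if (__builtin_add_overflow(d->length, in_length, &new_size))
        return v;   /* would_write == false, object untouched */
    if (new_size > d->capacity)
        ensure_capacity(d, new_size);
    v.new_size = new_size;
    v.would_write = true;
    v.bytes_past_end = 0;   /* no wrap, so new_size is the true end and fits */
    d->length = new_size;
    return v;
}

/* Constructed scenario: an object already holding ~4 GiB, appended to with
 * 0x20 bytes. This is the precondition the thread points at when rating
 * exploitability as very low: length must already be close to 2^32. */
int main(void)
{
    osdata_model a = { .length = 0xFFFFFFF0u, .capacity = 0xFFFFFFF0u };
    append_verdict u = append_unchecked(&a, 0x20);
    printf("unchecked: newSize=0x%x write=%d bytes past end=%llu\n",
           u.new_size, u.would_write, (unsigned long long)u.bytes_past_end);

    osdata_model b = { .length = 0xFFFFFFF0u, .capacity = 0xFFFFFFF0u };
    append_verdict c = append_checked(&b, 0x20);
    printf("checked:   write=%d (append refused)\n", c.would_write);
    return 0;
}
```

In the wrapped case the sum 0xFFFFFFF0 + 0x20 comes out as 0x10, which is below capacity, so the check passes and the copy of 0x20 bytes at offset 0xFFFFFFF0 lands entirely past the allocation; the checked version never reaches the copy.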
I would be very surprised if they assigned a CVE for pure hardening.
Hm, perhaps there is something else then. From a few hours of diffing this is all I found, but I wasn't thorough (~3500 partial matches). I'm done diffing for tonight anyway :p
What'd you use? YaDiff?
Diaphora in IDA. Seems to work fairly well for the most part.
Niklas B (quoting buherator): OK, good to know. Apparently YaDiff could be much faster according to https://twitter.com/buherator/status/1037655070798696448
Interesting, will have to try it some time. Cheers (: