That is the same bug as already publicly documented from the patch by @elvanderb and exploited by @jaakerblom, see John's repo here:https://github.com/potmdehex/multipath_kfree …
-
-
Prikaži ovu nit
-
The vfs bug doesn't require an Apple developer cert but is considerably harder to exploit. You get to write 8 NULL bytes off the end of a kalloc.16 buffer. It's sufficiently hard to exploit that it's worth trying just to demonstrate that such issues are reliably exploitable...
Prikaži ovu nit -
see eg The Poisoned Nul Byte, 2014 by
@scarybeasts https://googleprojectzero.blogspot.com/2014/08/the-poisoned-nul-byte-2014-edition.html … . But it takes time. The mptcp exploit is mostly recycled bits of earlier exploits. The getvolattrlist bug needs some new techniques.Prikaži ovu nit -
The trigger is here: https://bugs.chromium.org/p/project-zero/issues/detail?id=1564 … If you're in to iOS exploit dev take a go at it and blog about it! I'll publish what I have soon, hopefully this week.
Prikaži ovu nit -
Finally: always keep your personal iOS devices up to date and only use these tools on devices which don't have any personal information and are only used for research.
Prikaži ovu nit -
(footnote: for the vfs bug technically you can control a handful of bits in the 8 overflow bytes, the overflow value is actually two 4 byte flag fields. This may or may not help.)
Prikaži ovu nit
Kraj razgovora
Novi razgovor -
-
-
No. Just an exploit that can lead to a jailbreak. It’ll be soon.
- Još 7 drugih odgovora
Novi razgovor -
-
-
JAILBREAK IS COMING SOOOOOON!!!!!!!!
Hvala. Twitter će to iskoristiti za poboljšanje vaše vremenske crte. PoništiPoništi
-
-
-
THANK YOU LORD AND SAVIOR
Hvala. Twitter će to iskoristiti za poboljšanje vaše vremenske crte. PoništiPoništi
-
Čini se da učitavanje traje već neko vrijeme.
Twitter je možda preopterećen ili ima kratkotrajnih poteškoća u radu. Pokušajte ponovno ili potražite dodatne informacije u odjeljku Status Twittera.