memory tagging should be a game changer for C and C++; get with the program, @intel and @apple!! pic.twitter.com/z2vXAtTb7z
…unless the attacker can get the tag of the freed area somehow, which is one instruction away. That’s the scary part.
If they have code execution already, you're outside the scope of what MTE is protecting against. That's the scope of anti-ROP snakeoil like CET. The point of MTE is to prevent getting there in the first place.
Scenario: Attacker has a UAF vuln and some ability to read the address of newly allocated pointers via a leak. Attacker causes object to be freed with a dangling pointer. Attacker repeatedly reallocates and frees objects in that area, checking pointers, until tag matches.
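An added model of the disagreement in this thread, not code from any of the posters: it compares how often a tag check catches a stale pointer used blindly with how often it catches one used only after a leak shows the tags match. The 4-bit tag width, the uniformly random retag on every allocation, and all names here are assumptions of the model.

```python
import random

TAG_BITS = 4                    # assumption: 4-bit tags, as in Arm MTE
NUM_TAGS = 1 << TAG_BITS


class TaggedSlot:
    """Toy heap slot: the memory carries a tag, each pointer carries a copy."""

    def __init__(self, rng):
        self.rng = rng
        self.mem_tag = rng.randrange(NUM_TAGS)

    def alloc(self):
        # Assumption: the allocator draws a uniformly random tag each time.
        self.mem_tag = self.rng.randrange(NUM_TAGS)
        return self.mem_tag     # tag embedded in the returned pointer

    def access(self, ptr_tag):
        # Tag check: the access passes only if pointer tag == memory tag.
        return ptr_tag == self.mem_tag


def blind_reuse_faults(trials, seed=1):
    """Stale pointer used once after reallocation, tags unknown. Returns faults."""
    rng = random.Random(seed)
    faults = 0
    for _ in range(trials):
        slot = TaggedSlot(rng)
        stale = slot.alloc()
        slot.alloc()            # slot freed and handed to another object
        faults += not slot.access(stale)
    return faults


def leak_guided_reuse(trials, seed=1):
    """Stale pointer used only after a leaked tag matches it.
    Returns (faults, mean reallocations per trial)."""
    rng = random.Random(seed)
    faults = reallocs = 0
    for _ in range(trials):
        slot = TaggedSlot(rng)
        stale = slot.alloc()
        while True:
            reallocs += 1
            if slot.alloc() == stale:   # learned from the leak, no access made
                break
        faults += not slot.access(stale)
    return faults, reallocs / trials
```

In this model the blind case faults about 15 times in 16, while the leak-guided case never faults, so tag-fault telemetry alone would not register it.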