New blog post. ARM hardware bug. In the specification. https://siguza.github.io/PAN/
FWIW though, on Apple's A12 and A13 chips they used to have a page in the kernel that had the exact permissions applied that would be created by a --x mapping in userland - there it was intended to be kernel-accessible and it being executable from userland was the bug, but...
...for that I did publish a PoC: https://github.com/Siguza/APRR/blob/master/yolo.c … Should work on A12 and A13, iOS 12.0-13.0.
No worries on that. I was going to attempt to see if this particular exploit would work on Amazon EC2 instances, but it would only work on an unpatched Linux kernel according to your commit link. These are RHEL instances, however. Possible the backport is not present.
Well, checking whether --x mappings are allowed should be fairly simple. The trickier part would be getting a rogue kernel pointer dereference :P But without having looked at AWS, are you even confident they're running on ARMv8.1 hardware and not 8.0 without PAN to begin with?