Ian Beer 5 Jun 2018
iOS 11.4 patched kernel memory corruption bugs I reported in two distinct areas: mptcp and vfs. My exploit for the mptcp bug is here: Please read the README. It requires an Apple developer cert.
Ian Beer 5 Jun 2018
Replying to @elvanderb @jaakerblom
That is the same bug as already publicly documented from the patch by and exploited by , see John's repo here:
Ian Beer 5 Jun 2018
Replying to @i41nbeer
The vfs bug doesn't require an Apple developer cert but is considerably harder to exploit. You get to write 8 NULL bytes off the end of a kalloc.16 buffer. It's sufficiently hard to exploit that it's worth trying just to demonstrate that such issues are reliably exploitable...
Ian Beer 5 Jun 2018
Replying to @scarybeasts
see e.g. The Poisoned Nul Byte, 2014 by . But it takes time. The mptcp exploit is mostly recycled bits of earlier exploits. The getvolattrlist bug needs some new techniques.
Ian Beer 5 Jun 2018
Replying to @i41nbeer
The trigger is here: If you're into iOS exploit dev, take a go at it and blog about it! I'll publish what I have soon, hopefully this week.
Ian Beer 5 Jun 2018
Replying to @i41nbeer
Finally: always keep your personal iOS devices up to date and only use these tools on devices which don't have any personal information and are only used for research.
Ian Beer
(footnote: for the vfs bug technically you can control a handful of bits in the 8 overflow bytes, the overflow value is actually two 4 byte flag fields. This may or may not help.)
Kane B 5 Jun 2018
Replying to @i41nbeer
What’s vfs stand for?
smokin1337 5 Jun 2018
Replying to @IndieDevKB @i41nbeer
Virtual file system I’m pretty sure
Forstart 5 Jun 2018
Replying to @i41nbeer
So about how long will it take to make the jailbreak?
Tyler 5 Jun 2018
Replying to @arlison_reyes @i41nbeer
Depends on how long coolstar takes to update Electra now that the exploit came out👍
Not Adrian.mmv_ 5 Jun 2018
Replying to @i41nbeer @coolstarorg
Wen is dA exPlOyt Gunna B RElieSe?
Vic 5 Jun 2018
Replying to @i41nbeer @coolstarorg
That is the exploit silly
Chris 5 Jun 2018
Replying to @i41nbeer @coolstarorg
H4U 5 Jun 2018
Replying to @i41nbeer
Thanks for all your hard work 🎉💙🎉
Beastron 5 Jun 2018
Replying to @i41nbeer
I love you