Siguza
@s1guza

APRR: Of Apple hardware secrets. siguza.github.io/APRR/
Might include a free 0day.

sferrini
@Simone_Ferrini
Aug 8

That’s one of the best pieces of research I’ve seen in the last couple of years. Congrats man! I’m now waiting for siguza.github.io/MTE :P

Siguza
@s1guza
Aug 8

oh lol, that'll be a while either way

Saar Amar
@AmarSaar
Aug 8

BTW, ppl stands for Page Protection Layer ;) pic.twitter.com/ePIFg0fyoq

Siguza
@s1guza
Aug 8

Yeah I just got the news, updated my post. Thanks!

qwertyoruiop
@qwertyoruiopz
Aug 8

so far it's at the top of my list of public 2019 iOS research

Brown&Cony
@browncony1221
Aug 8

Why don't you wait until iOS 13 is out and A13 devices are released before publishing? They will definitely patch it according to this.

Siguza
@s1guza
Aug 8

It's not like it was a particularly good bug. And it would've been obvious from the page table dump anyway, so I didn't wanna leave it unmentioned.

puckchen
@cn_puckchen
Aug 15

It seems to make no sense for PPL mode; with this, we can use ROP in the PPL entry to switch to PPL mode.
Why did they design it like this?

Siguza
@s1guza
Aug 15

You can't though. The entry is protected by a check, and the exit isn't executable from outside. And the stack is switched to protected memory too btw.