Exploitations of Uninitialized Uses on macOS Sierra
Authors
Abstract
An uninitialized use refers to a common coding mistake where programmers directly use variables on the stack or the heap before they are initialized. Uninitialized uses, although simple, can lead to severe security consequences. In this paper, we will share our experience in gaining arbitrary kernel code execution in the latest macOS Sierra by exploiting two uninitialized use vulnerabilities for Pwnfest 2016. Specifically, we first analyze the attack surface of the XNU kernel and mitigation techniques, and then study common types of uninitialized uses and potential threats. Then we elaborate on the vulnerabilities and exploitation techniques. Lastly, we summarize the whole exploitation and discuss the reliability of the exploitation.
Similar resources
Unleashing Use-Before-Initialization Vulnerabilities in the Linux Kernel Using Targeted Stack Spraying
A common type of memory error in the Linux kernel is using uninitialized variables (uninitialized use). Uninitialized uses not only cause undefined behaviors but also impose a severe security risk if an attacker takes control of the uninitialized variables. However, reliably exploiting uninitialized uses on the kernel stack has been considered infeasible until now since the code executed prior ...
General Development Trends in Ecuador: Political and Economic Influences on Conservation
Ecuador is a small country located on the northwest corner of the South American continent. Intertwined within its boundaries abounds a wondrous array of diversity. Three diverse regions encompass the geography of the land: the Costa, the Sierra, and the Oriente. The Costa region borders the Pacific Ocean and consists of lowlands, mountains, and rolling hills dividing the river valleys. The Sierr...
Negative impacts of mine exploitations on rural regions of Tekab Township
This descriptive analytical survey was aimed to study the negative impacts of mine exploitations carried out in the rural regions of the Tekab Township located in Iran. The statistical population of the studied areas consisted of all the heads of the rural households in the villages located in the vicinity of the mines in the Tekab Township (N=2680). According to the Cochran formula, a sample s...
Mining and Environmental Degradation: a Gift Brings Grief Scenario for Mining Communities in Sierra Leone
Sierra Leone is blessed with abundant natural resources but yet prone to environmental degradation due to the mining operations. Most often, the mining communities are faced with social tensions, as a result of the possible trade-off between the expected employment impact and the cost of mining operations to the environment. Over the past decades, the contribution of the mining sector to the de...
Corpus-driven Lexical Analysis: Norms and Exploitations in Word Use
It is a truism that meaning depends on context. Corpus evidence now shows us that normal contexts can be summarised and indeed quantified, while the creative exploitations of normal contexts by ordinary language users far exceed anything dreamed up in speculative linguistic theory. Human linguistic behaviour is indeed rule-governed, but in recent years, corpus analysis (e.g. Hanks 2013) has sho...