tags: uaf, iOS, kernel, lpe
original link: A step-by-step guide to writing an iOS kernel exploit
newsletter link: exploits.club Weekly Newsletter 40 - iOS Kernel Exploitation, CET Bypasses, Elgato Hardware Repair, And More


Exploits Club Summary:

If you like write-ups that are well written, concise, and manage to be extremely technical while forgoing the “in the attached 700 line code snippet” approach, @alfiecg_dev has somehow managed to do just that. The post released this week documents how he approached exploitation for PhysPuppet, a physical use-after-free. The blog starts with a quick refresher on page tables and memory management in XNU. It then defines a physical use-after-free, explains why it is a powerful primitive, and shows how spraying IOSurface objects can help to identify the dangling PTE and subsequently achieve arbitrary R/W. And he does all of that in just 2,235 words. Unreal.

