tags: uaf, iOS, kernel, lpe
original link: A step-by-step guide to writing an iOS kernel exploit
newsletter link: exploits.club Weekly Newsletter 40 - iOS Kernel Exploitation, CET Bypasses, Elgato Hardware Repair, And More
Exploits Club Summary:
If you like write-ups that are well written, concise, and extremely technical while still foregoing the “in the attached 700-line code snippet…” approach, @alfiecg_dev has somehow managed to do just that. The post released this week documents how he approached exploitation for PhysPuppet, a physical use-after-free. The blog starts with a quick refresher on page tables and memory management in XNU. It then defines a physical use-after-free, explains why it is a powerful primitive, and shows how spraying IOSurface objects can help to identify the dangling PTE and subsequently achieve arbitrary R/W. And he does all of that in just 2,235 words. Unreal.
backlinks: kfd write-ups