Azimuth Security: December 2013 <body onload='MM_preloadImages(&apos;;,&apos;;,&apos;;,&apos;;)'><script type="text/javascript"> function setAttributeOnload(object, attribute, val) { if(window.addEventListener) { window.addEventListener('load', function(){ object[attribute] = val; }, false); } else { window.attachEvent('onload', function(){ object[attribute] = val; }); } } </script> <div id="navbar-iframe-container"></div> <script type="text/javascript" src=""></script> <script type="text/javascript"> gapi.load("", function() { if (gapi.iframes && gapi.iframes.getContext) { gapi.iframes.getContext().openChild({ url: '\x3d509652393303233687\x26blogName\x3dAzimuth+Security\x26publishMode\x3dPUBLISH_MODE_HOSTED\x26navbarType\x3dBLUE\x26layoutType\x3dCLASSIC\x26searchRoot\x3d\x26blogLocale\x3den\x26v\x3d2\x26homepageUrl\x3d\x26vt\x3d1038547295672672920', where: document.getElementById("navbar-iframe-container"), id: "navbar-iframe" }); } }); </script>
azimuth security services training resources about BLOG
project zeus
"You will not be informed of the meaning of Project Zeus until the time is right for you to know the meaning of Project Zeus."
Current Posts
April 2010
May 2010
August 2010
September 2012
February 2013
March 2013
April 2013
May 2013
June 2013
December 2013
March 2014
January 2015
Attacking Zone Page Metadata in iOS 7 and OS X Mavericks
Attacking Zone Page Metadata in iOS 7 and OS X Mavericks
posted by Tarjei Mandt @ 12/19/2013 09:23:00 AM  

Over the past several years, zone corruption vulnerabilities have been frequently leveraged by attackers in exploiting the iOS and OS X kernel. In response to their prevalence and gained popularity, iOS 6 and OS X Mountain Lion introduced numerous mitigations and hardening measures in order to increase the security and robustness of the zone allocator. In particular, these enhancements seek to prevent an attacker from leveraging well-known exploitation primitives such as the free list pointer overwrite. In iOS 7 and OS X Mavericks, further improvements have been made to the zone allocator, primary aimed at improving its efficiency. Notably, these improvements have caused significant changes to zone page management and have introduced a new zone page metadata structure. In this blog post, we revisit the zone allocator and detail the updates made by Apple in iOS 7 and OS X Mavericks. We then show how these changes yet again may allow an attacker to generically exploit zone corruption vulnerabilities.

Labels: , , , ,

© Copyright 2013 Azimuth Security Pty Ltd