Techly NewsGet the app

Get the latest tech news

Tachy0n: The Last 0day Jailbreak


Siguza’s Blog

I can only speculate that this was because Apple likely forked XNU to a separate branch for that version and had failed to apply the patch there, but this made it evident that they had no regression tests for this kind of stuff. Everyone and their mom was doing it, it’s been explained in detail many, many times so I’m not gonna rehash it here, but fact is: if you could get a user-supplied value interpreted as a pointer to a mach port, it was game over. The common strategy for this was to hit OSUnserializeXML for rapid bulk unserialisation into virtually any chosen zone, and doing so via IOSurface::setValue, which additionally allowed replacing and removing individual properties at will later.

Get the Android app

Or read this on Hacker News

Read more on:

Photo of Tachy0n

Tachy0n

Photo of 0day Jailbreak

0day Jailbreak

« You'll soon be able to start a Spotify Jam directly in your car
Use ramoops for logging under Linux (2021) »