Mailing List Archive

[WooYun-2014-00049] Mac OS X & iOS Kernel Module Uninitialization
*Abstract:*
The IOReportHub kernel module in Apple's operating systems has
uninitialization vulnerabilities that cause a kernel crash.

*Details:*
The problem appears in the third function, the one that handles "GetValues".

__ZN18IOReportUserClient10_getValuesEy: // IOReportUserClient::_getValues(unsigned long long)
0000000000001f7c 55                 push rbp ; XREF=0x17f7
0000000000001f7d 4889E5             mov rbp, rsp
0000000000001f80 4157               push r15
0000000000001f82 4156               push r14
0000000000001f84 4154               push r12
0000000000001f86 53                 push rbx
0000000000001f87 4989F6             mov r14, rsi
0000000000001f8a 4989FC             mov r12, rdi
0000000000001f8d 498BBC24F0000000   mov rdi, qword [ds:r12+0xf0]
0000000000001f95 E800000000         call 0x1f9a
0000000000001f9a 498BBC2400010000   mov rdi, qword [ds:r12+0x100] ; XREF=0x1f95
0000000000001fa2 488B07             mov rax, qword [ds:rdi] // rdi indicates a "0" object

*Proofs of concept:*

*[image: inline image 1]*

*Form:*
http://en.wooyun.org/bugs/wooyun-2013-041

--

WooYun, an Open and Free Vulnerability Reporting Platform

For more information, please visit http://en.wooyun.org/about.php
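
An added example, not part of the original advisory or WooYun's own code: a small Python check that walks the `_getValues` listing from the Details section and reports any register that is loaded from memory and then dereferenced with no `test`/`cmp` in between. The function name `unchecked_derefs` and the heuristic are assumptions made for illustration; it accepts any `test`/`cmp` on the register as a sufficient check and only understands the `[ds:reg+off]` operand syntax used in the listing.

```python
import re

# Listing copied from the advisory: address, opcode bytes, instruction.
LISTING = """\
0000000000001f7c 55 push rbp ; XREF=0x17f7
0000000000001f7d 4889E5 mov rbp, rsp
0000000000001f80 4157 push r15
0000000000001f82 4156 push r14
0000000000001f84 4154 push r12
0000000000001f86 53 push rbx
0000000000001f87 4989F6 mov r14, rsi
0000000000001f8a 4989FC mov r12, rdi
0000000000001f8d 498BBC24F0000000 mov rdi, qword [ds:r12+0xf0]
0000000000001f95 E800000000 call 0x1f9a
0000000000001f9a 498BBC2400010000 mov rdi, qword [ds:r12+0x100] ; XREF=0x1f95
0000000000001fa2 488B07 mov rax, qword [ds:rdi]
"""

INSN = re.compile(r"^([0-9a-f]+)\s+[0-9A-F]+\s+(\w+)\s*(.*)$")
MEM = re.compile(r"\[ds:(\w+)(?:[+-]0x[0-9a-f]+)?\]")
CALLER_SAVED = ("rax", "rcx", "rdx", "rsi", "rdi", "r8", "r9", "r10", "r11")

def unchecked_derefs(listing):
    """Return (deref_addr, reg, load_addr, load_src) for each pointer that is
    loaded from memory and dereferenced before any test/cmp on it."""
    tracked = {}    # register -> (address of the load, source operand)
    findings = []
    for line in listing.strip().splitlines():
        m = INSN.match(line.strip())
        if not m:
            continue
        addr, mnem = int(m.group(1), 16), m.group(2)
        ops = re.split(r";|//", m.group(3))[0].strip()   # drop comments
        operands = [o.strip() for o in ops.split(",")]
        mem = MEM.search(ops)
        if mem and mem.group(1) in tracked:
            findings.append((addr, mem.group(1)) + tracked[mem.group(1)])
        if mnem in ("test", "cmp"):
            tracked.pop(operands[0], None)       # register was checked
        elif mnem == "call":
            for reg in CALLER_SAVED:             # clobbered by the callee
                tracked.pop(reg, None)
        elif mnem == "mov" and len(operands) == 2:
            dst, src = operands
            if MEM.search(src):
                tracked[dst] = (addr, src)       # dst now holds a loaded pointer
            else:
                tracked.pop(dst, None)
    return findings

if __name__ == "__main__":
    for deref, reg, load, src in unchecked_derefs(LISTING):
        print(f"{deref:#x}: [{reg}] used unchecked; loaded at {load:#x} from {src}")
```

The earlier load from `[ds:r12+0xf0]` is not reported because the following `call` clobbers `rdi` before anything dereferences it.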