Blog

Viewing posts for the category Apple

Mac OS X Lion: Did security mitigations manage to squeeze in?

Posted by: Subreption LLC in Security, Apple (10 months, 2 weeks ago)

They say a picture is worth a thousand words, or so the saying goes. Therefore, the output from the now classic paxtest tool (which exposed the practical differences of ExecShield and PaX, among an array of other interesting tidbits) follows:

Tags: mitigations macosx pax nx

Runtime binary loading via the dynamic loader on Apple Mac OS X

Posted by: Subreption LLC in Security, Apple, Research & Development (3 years, 3 months ago)

An article written by Dan Goodin from The Register was recently published; it mentions a forthcoming presentation by Vincenzo Iozzo, which presents a method to load a binary at runtime, directly from memory, on Mac OS X systems. Here we like to stick to the technical side of things... so let's get started on explaining how this can be done, in case you aren't planning to attend Black Hat or just feel particularly curious about the topic!

Apple Mac OS X 10.4 temp_patch_ptrace(): Nonsense in kernel-land

Posted by: Subreption LLC in Security, Apple (3 years, 6 months ago)

Several software vendors realized, sometime during the 1990-2000 timeframe, that exporting system call tables within kernel address space was a bad idea. This obviously doesn't mean anything to Red Hat and other GNU/Linux vendors who are happily providing world-readable System.map files. Not like anybody needs them, though. Then again, you have to face the potential funniness of contradictory measures, like Apple's own mistakes. This article won't talk about yet another bug introduced by a Linux developer working at Red Hat (and later silently fixed by another employee of the very same company), but about an interesting issue with Mac OS X 10.4 systems on PowerPC.

Custom shellcode and return-to-libc on Mac OS X

Posted by: Subreption LLC in Security, Apple, Research & Development (3 years, 7 months ago)

After some time without any updates coming up, this article will show some techniques and strategies to improve the reliability of exploit code in Mac OS X Tiger and Leopard (up to 10.5.5). Specifically, we will look at a technique to aid loading of stager shellcode and evading non-executable stack restrictions. This was hinted at in the "OS X Exploits and Defense" book (Elsevier), chapter 7, which I wrote earlier this year (I co-authored the book with Kevin Finisterre).
