Of possible interest... Attacking the iOS 7 early_random() PRNG http://blog.azimuthsecurity.com/2014/03/attacking-ios-7-earlyrandom-prng.html
Revisiting iOS Kernel (In)Security: Attacking the early_random() PRNG

Paper: http://mista.nu/research/early_random-paper.pdf
Slides: http://mista.nu/research/early_random-slides.pdf

Abstract. iOS is by many considered to be one of the most secure mobile platforms due to its stringent security features and relatively strong focus on mitigation technology. In an effort to improve kernel security, iOS 6 introduced numerous mitigations including verification cookies and memory layout randomization. Conceptually, these mitigations seek to complicate kernel exploitation by leveraging non-predictable data and therefore require sufficient entropy to be provided at boot time. In this paper, we evaluate the security of the early random pseudorandom number generator. The early random PRNG is fundamental in supporting the mitigations leveraged by the iOS kernel. Notably, we show how an attacker can recover arbitrary outputs generated by the early random PRNG in iOS 7 without being assisted by additional vulnerabilities or having any prior knowledge about the kernel address space. Recovering these outputs essentially allows an attacker to bypass a variety of exploit mitigations, such as those designed to mitigate specific exploitation techniques or whole classes of vulnerabilities. In turn, this may allow trivial exploitation of vulnerabilities previously deemed non-exploitable.

_______________________________________________
dsfjdssdfsd mailing list
[email protected]
https://www.ietf.org/mailman/listinfo/dsfjdssdfsd
