3 matches found
JITSploitation III: Subverting Control Flow
Posted by Samuel Groß, Project Zero This three-part series highlights the technical challenges involved in finding and exploiting JavaScript engine vulnerabilities in modern web browsers and evaluates current exploit mitigation technologies. The exploited vulnerability, CVE-2020-9802, was fixed i...
JITSploitation I: A JIT Bug
By Samuel Groß, Project Zero This three-part series highlights the technical challenges involved in finding and exploiting JavaScript engine vulnerabilities in modern web browsers and evaluates current exploit mitigation technologies. The exploited vulnerability, CVE-2020-9802, was fixed in iOS...
The core of Apple is PPL: Breaking the XNU kernel's kernel
Posted by Brandon Azad, Project Zero While doing research for the one-byte exploit technique, I considered several ways it might be possible to bypass Apple's Page Protection Layer PPL using just a physical address mapping primitive, that is, before obtaining kernel read/write or defeating PAC...