Hi All, I was reading iOS 6 Kernel Security: A Hacker’s Guide, http://media.caballe.cat/2012/10/iOS6_Security.pdf.
What is the "Offset-to-NULL" vulnerability (page 41)? I've never heard the term before. I can think of two items. First, a struct member is dereferenced so the resulting addition wraps to NULL (implying a [very high] bogus address is passed in for the struct pointer). Second is anything in the first 64KB of memory so a dereference lands in the NULL page (or whatever size of __PAGE_ZERO).

Jeff

_______________________________________________
Fun and Misc security discussion for OT posts.
https://linuxbox.org/cgi-bin/mailman/listinfo/funsec
Note: funsec is a public and open mailing list.
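As an added illustration of the two cases the post describes (not code from Jeff's post or from the linked guide), the C program below computes where a member dereference actually lands for a NULL base and for a very high bogus base that wraps, and shows a checked dispatch that refuses such pointers before touching memory. The `struct conn` layout, the 64 KiB `ZERO_PAGE_SIZE`, and all function names are assumptions chosen for the example.

```c
#include <stddef.h>
#include <stdint.h>
#include <stdio.h>

/* Assumed size of the unmapped low region (__PAGE_ZERO): 64 KiB, as the post guesses. */
#define ZERO_PAGE_SIZE ((uintptr_t)0x10000)

/* Hypothetical kernel object: the inline buffer pushes 'handler' to offset 0x800,
 * so base + offsetof(struct conn, handler) is the address a dereference touches. */
struct conn {
    unsigned char rx_buf[0x800];
    int (*handler)(struct conn *);
};

enum { DISPATCH_OK = 0, DISPATCH_EBADPTR = -1, DISPATCH_ENOHANDLER = -2 };

/* Effective address of a member, done as unsigned integer arithmetic (wraparound is
 * defined) instead of forming a pointer, so it can be evaluated for bogus bases. */
uintptr_t member_address(uintptr_t base, size_t member_offset)
{
    return base + (uintptr_t)member_offset;
}

int lands_in_zero_page(uintptr_t addr)
{
    return addr < ZERO_PAGE_SIZE;
}

/* Case 1 from the post: NULL base, so the access lands at the member offset itself. */
uintptr_t null_base_case(void)
{
    return member_address(0, offsetof(struct conn, handler));
}

/* Case 2 from the post: a very high bogus base whose addition wraps to low memory.
 * The constructed value is chosen so base + 0x800 wraps exactly to 0. */
uintptr_t wrapped_base_case(void)
{
    uintptr_t bogus = UINTPTR_MAX - 0x7ff;
    return member_address(bogus, offsetof(struct conn, handler));
}

/* The pattern to avoid: with c == NULL this reads c->handler from address 0x800,
 * inside the zero page. Shown for contrast; never called here. */
int dispatch_unchecked(struct conn *c)
{
    return c->handler(c);
}

/* Hardened form: resolve the member address first and reject anything that lands
 * in the zero page (covers both the NULL base and the wrapping base). */
int dispatch_checked(struct conn *c)
{
    uintptr_t base = (uintptr_t)c;
    if (lands_in_zero_page(member_address(base, offsetof(struct conn, handler))))
        return DISPATCH_EBADPTR;
    if (c->handler == NULL)
        return DISPATCH_ENOHANDLER;
    return c->handler(c);
}

int echo_handler(struct conn *c)
{
    (void)c;
    return DISPATCH_OK;
}

/* Two small drivers with a real stack object, so the checked path can be exercised. */
int dispatch_valid_object(void)
{
    struct conn good = { .handler = echo_handler };
    return dispatch_checked(&good);
}

int dispatch_missing_handler(void)
{
    struct conn no_handler = { 0 };
    return dispatch_checked(&no_handler);
}

int main(void)
{
    printf("offsetof(handler)      = 0x%zx\n", offsetof(struct conn, handler));
    printf("NULL base resolves to  0x%lx (zero page: %d)\n",
           (unsigned long)null_base_case(), lands_in_zero_page(null_base_case()));
    printf("wrapped base resolves  0x%lx (zero page: %d)\n",
           (unsigned long)wrapped_base_case(), lands_in_zero_page(wrapped_base_case()));
    printf("dispatch_checked(NULL) = %d\n", dispatch_checked(NULL));
    printf("dispatch valid object  = %d\n", dispatch_valid_object());
    return 0;
}
```

The point of the address arithmetic is that the fault address is not 0 but `offset` (or whatever the wrapped sum is), which is why the class is named after the offset: the low region stays unmapped precisely so that such accesses fault instead of reading attacker-influenced memory, and the explicit check in `dispatch_checked` is the belt-and-braces complement to that mapping.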