At BlackHat Asia 2014, Ming-chieh Pan and Sung-ting Tsai gave a presentation on Mac OS X rootkits (paper and slides). They describe some very cool techniques for accessing kernel memory in ways other than the usual ones. The slides and paper aren’t very descriptive about all the techniques, so this weekend I decided to give it a try and replicate the described vulnerability to access kernel memory.
The access to kernel task (process 0) was possible before Leopard (or was it fixed in Snow Leopard?
About the processor_set_tasks() access to kernel memory vulnerability