by umanwizard 3647 days ago
I know that. But who knows how much secret sauce they have in the iOS build?

Also, even on OS X, it takes a while after new versions of the OS are released for new kernel source bundles to drop. So sometimes poking around with IDA is your only recourse.


A non-trivial amount of the iOS platform has been reverse-engineered (incidentally, largely with IDA and those kernel sources to create binaries with intact symbols + binary comparison heuristics[1]). XNU is largely based on FreeBSD, so I'd be surprised if that wasn't an additional vehicle people were using. (In a similar vein, fail0verflow used the syscall table information from FreeBSD with WebKit and ROP gadgets to fully compromise the PS3.)

RE: this specific exploit, here's the POC making it around the security sphere (thanks @heisecode!) https://github.com/heisecode/Bug_POCs

[1] https://static.googleusercontent.com/media/www.zynamics.com/...
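The "binary comparison heuristics" mentioned in the comment above boil down to matching functions in a symbol-rich build against functions in a stripped build and carrying the names across. The script below is an added example, not code from the commenter, from zynamics or from any IDA plugin: it assumes the per-function features (mnemonic sequence, basic-block, edge and call-site counts) have already been extracted by some disassembler into the hypothetical `Func` records, and the two "builds" at the bottom are constructed sample data, not real XNU functions. It does an exact-signature pass first (unique hash matches) and then a fuzzy pass on structurally identical functions using mnemonic 3-gram similarity, which is a simplified version of the same idea.

```python
"""Propagate symbol names from a symbolized kernel build to a stripped one by
comparing function shapes. Added illustration of BinDiff-style name propagation;
it is independent of IDA and runs on the constructed sample data below."""
import hashlib
from dataclasses import dataclass


@dataclass
class Func:
    addr: int
    mnemonics: list   # instruction mnemonics in address order (assumed pre-extracted)
    blocks: int       # basic-block count
    edges: int        # CFG edge count
    calls: int        # number of call sites
    name: str = ""    # known only in the symbolized build


def exact_sig(f):
    """Hash of the full mnemonic sequence plus structural counts (pass 1 key)."""
    h = hashlib.sha256(" ".join(f.mnemonics).encode())
    h.update(f"|{f.blocks}|{f.edges}|{f.calls}".encode())
    return h.hexdigest()


def ngrams(seq, n=3):
    """Set of n-grams over the mnemonic sequence; tolerant to small local edits."""
    return {tuple(seq[i:i + n]) for i in range(len(seq) - n + 1)}


def jaccard(a, b):
    return len(a & b) / len(a | b) if (a | b) else 0.0


def match_functions(symbolized, stripped, threshold=0.4):
    """Return {stripped_addr: symbol_name}.
    Pass 1: a signature that occurs exactly once on each side is a match.
    Pass 2: for the rest, structural counts must agree and the mnemonic 3-gram
    Jaccard similarity must exceed `threshold`; best candidate wins and each
    symbol name is used at most once (greedy, in stripped-address order)."""
    names = {}
    sym_by_sig, str_by_sig = {}, {}
    for f in symbolized:
        sym_by_sig.setdefault(exact_sig(f), []).append(f)
    for f in stripped:
        str_by_sig.setdefault(exact_sig(f), []).append(f)
    used = set()
    for sig, cands in str_by_sig.items():
        if len(cands) == 1 and len(sym_by_sig.get(sig, [])) == 1:
            names[cands[0].addr] = sym_by_sig[sig][0].name
            used.add(sym_by_sig[sig][0].name)
    remaining = [f for f in symbolized if f.name not in used]
    for s in stripped:
        if s.addr in names:
            continue
        best, best_score = None, threshold
        for f in remaining:
            if (f.blocks, f.edges, f.calls) != (s.blocks, s.edges, s.calls):
                continue  # different shape: do not even compare bodies
            score = jaccard(ngrams(f.mnemonics), ngrams(s.mnemonics))
            if score > best_score:
                best, best_score = f, score
        if best is not None:
            names[s.addr] = best.name
            remaining.remove(best)
    return names


# Constructed sample data (not real XNU code): a "symbolized" build and a
# "stripped" build in which one function is identical, one differs by a single
# instruction (test -> cmp, as a compiler revision might produce) and one is unrelated.
SYMBOLIZED = [
    Func(0x4000, ["push", "mov", "mov", "cmp", "jae", "call", "test", "jne", "mov", "pop", "ret"], 4, 4, 1, "copyin"),
    Func(0x5000, ["push", "mov", "mov", "call", "mov", "mov", "mov", "pop", "ret"], 1, 0, 1, "kauth_cred_get"),
    Func(0x6000, ["push", "mov", "lea", "call", "ud2"], 1, 0, 1, "panic"),
]
STRIPPED = [
    Func(0x1000, ["push", "mov", "mov", "call", "mov", "mov", "mov", "pop", "ret"], 1, 0, 1),
    Func(0x2000, ["push", "mov", "mov", "cmp", "jae", "call", "cmp", "jne", "mov", "pop", "ret"], 4, 4, 1),
    Func(0x3000, ["push", "mov", "sub", "mov", "mov", "call", "add", "pop", "ret"], 1, 0, 1),
]


def propagate_demo():
    """Run the matcher on the sample builds; 0x3000 stays unnamed on purpose."""
    return match_functions(SYMBOLIZED, STRIPPED)


if __name__ == "__main__":
    for addr, name in sorted(propagate_demo().items()):
        print(f"sub_{addr:X} -> {name}")
```

The unmatched `sub_3000` is the important case: it shares the (blocks, edges, calls) shape with `panic` but no instruction 3-grams, so a threshold keeps the heuristic from inventing a name. In practice the threshold and features are tuned per build pair, and anything matched only in the fuzzy pass should be treated as a hint to verify in the disassembler, not as ground truth.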

XNU != BSD.

XNU == MACH + BSD Personality.