by frozenice
3650 days ago
Abstract

The lower layers in the modern computing infrastructure are written in languages threatened by exploitation of memory management errors. Recently deployed exploit mitigations such as control-flow integrity (CFI) can prevent traditional return-oriented programming (ROP) exploits but are much less effective against newer techniques such as Counterfeit Object-Oriented Programming (COOP), which executes a chain of C++ virtual methods. Since these methods are valid control-flow targets, COOP attacks are hard to distinguish from benign computations. Code randomization is likewise ineffective against COOP. Until now, however, COOP attacks have been limited to vulnerable C++ applications, which leaves it unclear whether COOP is as general and portable a threat as ROP. This paper demonstrates the first COOP-style exploit for Objective-C, the predominant programming language on Apple's OS X and iOS platforms. We also retrofit the Objective-C runtime with the first practical and efficient defense against our novel attack. Our defense is able to protect complex, real-world software such as iTunes without recompilation. Our performance experiments show that the overhead of our defense is low in practice.
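As an added illustration (not code from the paper, and not its Objective-C exploit), the following C++ program models the C++-style COOP chain the abstract describes: a loop that calls a virtual method on each element of an attacker-controlled array (the "main loop gadget") dispatches through counterfeit objects whose vtable pointers are copied from genuine classes in the program. Every class name, the vtable whitelist and the sensitive_action stand-in are constructed for this example. Because each call target is a real virtual method, a check that only validates vtable pointers accepts the whole chain, while a forged vtable pointer is still rejected.

```cpp
// Added example, not code from the paper: a minimal model of a COOP-style
// chain in C++. Every dispatch goes through a legitimate vtable, so a check
// that only validates vtable pointers accepts the whole chain.
#include <cstddef>
#include <cstdint>
#include <cstring>
#include <set>

// Stand-in for a security-sensitive function (constructed for this example).
static bool g_authorized = false;
static bool g_sensitive_ran = false;
static void sensitive_action() { if (g_authorized) g_sensitive_ran = true; }

// Ordinary classes that happen to exist in the target program. Their
// virtual methods double as gadgets once the attacker controls the fields.
struct Task {
    virtual ~Task() {}
    virtual void run() = 0;
};
struct SetFlag : Task {          // write gadget: *dst = value
    bool *dst = nullptr;
    bool value = false;
    void run() override { *dst = value; }
};
struct Callback : Task {         // call gadget: fn()
    void (*fn)() = nullptr;
    void run() override { if (fn) fn(); }
};

// The attacker's model of the object layouts (Itanium C++ ABI: vptr first).
struct FakeSetFlag  { uintptr_t vptr; bool *dst; bool value; };
struct FakeCallback { uintptr_t vptr; void (*fn)(); };
static_assert(sizeof(FakeSetFlag) == sizeof(SetFlag), "layout model");
static_assert(sizeof(FakeCallback) == sizeof(Callback), "layout model");

static uintptr_t vptr_of(const void *obj) {
    uintptr_t v;
    std::memcpy(&v, obj, sizeof v);   // first word of a polymorphic object
    return v;
}
template <class T> static uintptr_t vptr_of_class() { T t; return vptr_of(&t); }

// Vtable-pointer whitelist: the kind of check coarse CFI or vtable
// verification enforces at each virtual call site.
static bool vtable_is_valid(uintptr_t vt) {
    static const std::set<uintptr_t> valid = {
        vptr_of_class<SetFlag>(), vptr_of_class<Callback>()};
    return valid.count(vt) != 0;
}

// The "main loop gadget": a loop that invokes a virtual method on each
// element of an array whose memory the attacker controls. Returns the
// number of calls made, or -1 on a CFI violation.
static int run_all(Task **objs, std::size_t n) {
    int executed = 0;
    for (std::size_t i = 0; i < n; i++) {
        if (!vtable_is_valid(vptr_of(objs[i]))) return -1;
        objs[i]->run();   // always a genuine SetFlag::run or Callback::run
        executed++;
    }
    return executed;
}

// Counterfeit chain: a SetFlag writes "authorized", then a Callback invokes
// the sensitive function. Returns true when the chain passes the check and runs.
bool coop_chain_runs() {
    g_authorized = g_sensitive_ran = false;
    // Vtable addresses the attacker would obtain from an information leak.
    uintptr_t vt_setflag = vptr_of_class<SetFlag>();
    uintptr_t vt_callback = vptr_of_class<Callback>();

    alignas(void *) unsigned char buf[64] = {};   // attacker-controlled memory
    FakeSetFlag  f1 = {vt_setflag, &g_authorized, true};
    FakeCallback f2 = {vt_callback, &sensitive_action};
    std::memcpy(buf, &f1, sizeof f1);
    std::memcpy(buf + 32, &f2, sizeof f2);
    // Treating raw bytes as Task objects is exactly what the attack relies on.
    Task *chain[2] = {reinterpret_cast<Task *>(buf),
                      reinterpret_cast<Task *>(buf + 32)};
    return run_all(chain, 2) == 2 && g_sensitive_ran;
}

// For contrast: a forged object whose vptr points into attacker memory is
// caught, so the check does stop classic vtable hijacking.
bool bogus_vptr_rejected() {
    alignas(void *) unsigned char buf[32] = {};
    FakeCallback f = {reinterpret_cast<uintptr_t>(buf), &sensitive_action};
    std::memcpy(buf, &f, sizeof f);
    Task *chain[1] = {reinterpret_cast<Task *>(buf)};
    return run_all(chain, 1) == -1;
}
```

Viewing attacker-written bytes as objects is undefined behaviour by the C++ standard; the attack works because the compiled code follows the ABI layout regardless. Objective-C dispatches messages through objc_msgSend rather than C++ vtables, which this example does not model; it only shows the property the abstract states, that each step of a COOP chain is a legitimate control-flow target.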