by xnyhps 2791 days ago
> Heap buffer overflow in the network stack allowed for sending ICMP packets that would crash devices.

It's not receiving an ICMP packet that causes the crash, it's when sending an ICMP error response packet. ICMP error packets can be generated in response to any type of IP packet, for example "host unreachable" when using UDP. These packets copy the original header of the packet which generated the error, which is where the out-of-bounds copy is.

I understand why the author doesn't want to give full details, but in this case it leads to a lot of misunderstandings on how it works.

1 comment
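To make the mechanism described above concrete, here is an added example (my own illustration, not xnyhps's code and not Apple's network stack; the reply layout, the fixed 28-byte quote area and the constants are assumptions). An ICMP error such as "destination unreachable" quotes the offending datagram's IP header plus its first 8 payload bytes (RFC 792). If the stack takes the copy length from the attacker-controlled IHL nibble without checking it against the bytes actually received or the room in the reply buffer, a crafted IHL turns the copy into an out-of-bounds read and write. The first builder does exactly that; the second derives every length from validated data.

```c
#include <stdint.h>
#include <stddef.h>
#include <string.h>
#include <stdio.h>

/* Hypothetical reply layout (not XNU's): an 8-byte ICMP header followed by a
 * fixed area for the quoted IP header + 8 payload bytes. The area is sized for
 * an option-less 20-byte header, which is the assumption the bug class abuses. */
#define IPV4_MIN_HDR     20
#define ICMP_QUOTE_TAIL  8                              /* RFC 792: header + 8 bytes */
#define QUOTE_CAP        (IPV4_MIN_HDR + ICMP_QUOTE_TAIL) /* 28 bytes */

struct icmp_err_pkt {
    uint8_t  type;
    uint8_t  code;
    uint16_t csum;                 /* left zero here; a real stack computes it last */
    uint32_t unused;
    uint8_t  quote[QUOTE_CAP];
};

/* Header length as advertised by the attacker-controlled IHL nibble. */
static size_t ipv4_ihl_bytes(const uint8_t *pkt) { return (size_t)(pkt[0] & 0x0f) * 4; }

/* Length the unchecked code copies: IHL*4 + 8, taken straight from the packet.
 * IHL=15 yields 68 bytes aimed at a 28-byte area. */
size_t icmp_err_unchecked_len(const uint8_t *orig) {
    return ipv4_ihl_bytes(orig) + ICMP_QUOTE_TAIL;
}

/* VULNERABLE: neither the received length nor the reply capacity is consulted. */
size_t icmp_err_build_unchecked(struct icmp_err_pkt *rep, const uint8_t *orig) {
    size_t n = icmp_err_unchecked_len(orig);
    rep->type = 3; rep->code = 1; rep->csum = 0; rep->unused = 0;
    memcpy(rep->quote, orig, n);   /* overflows rep->quote whenever n > QUOTE_CAP */
    return n;
}

/* HARDENED: derive the copy length from what was actually received and from the
 * destination's capacity. Returns bytes quoted, or 0 meaning "drop, send nothing". */
size_t icmp_err_build_checked(struct icmp_err_pkt *rep, const uint8_t *orig, size_t orig_len) {
    if (orig_len < IPV4_MIN_HDR) return 0;             /* not even a full base header */
    size_t hl = ipv4_ihl_bytes(orig);
    if (hl < IPV4_MIN_HDR || hl > orig_len) return 0;  /* IHL < 5, or header longer than datagram */
    size_t n = hl + ICMP_QUOTE_TAIL;
    if (n > orig_len) n = orig_len;                    /* short datagram: quote only what exists */
    if (n > QUOTE_CAP) return 0;                       /* options present: will not fit this area */
    memset(rep, 0, sizeof *rep);
    rep->type = 3; rep->code = 1;
    memcpy(rep->quote, orig, n);
    return n;
}

/* Convenience for callers that only want the decision, not the packet. */
size_t icmp_err_checked_len(const uint8_t *orig, size_t orig_len) {
    struct icmp_err_pkt scratch;
    return icmp_err_build_checked(&scratch, orig, orig_len);
}

/* Constructed sample datagrams; payload bytes are arbitrary. */
static const uint8_t good_pkt[28] = {
    0x45, 0x00, 0x00, 0x1c,                 /* version 4, IHL=5, total length 28 */
    0xab, 0xcd, 0x40, 0x00, 0x40, 0x11, 0x00, 0x00,
    10, 0, 0, 1, 10, 0, 0, 2,               /* src, dst */
    0x30, 0x39, 0x00, 0x35, 0x00, 0x08, 0x00, 0x00 };  /* 8-byte UDP header */
static const uint8_t evil_pkt[40] = { 0x4f, 0x00, 0x00, 0x28 }; /* IHL=15 claims a 60-byte header in a 40-byte datagram */

int main(void) {
    struct icmp_err_pkt rep;
    printf("good: checked quotes %zu bytes\n", icmp_err_build_checked(&rep, good_pkt, sizeof good_pkt));
    printf("evil: unchecked would copy %zu bytes into a %d-byte area; checked returns %zu (dropped)\n",
           icmp_err_unchecked_len(evil_pkt), QUOTE_CAP, icmp_err_build_checked(&rep, evil_pkt, sizeof evil_pkt));
    return 0;
}
```

Note that the trigger is any IP datagram that provokes an error reply, not an ICMP packet arriving from the attacker, which matches the point xnyhps makes. A production stack would size the reply buffer from the validated header length instead of refusing packets with options; refusing keeps the example short, and the essential fix is the same either way: the length that drives the memcpy comes from checked values, never from the raw IHL field.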

I understand it to be a classic buffer overflow using a memory copy. Bounds checking fails and a buffer is overflowed with bits from the attacker. The author was able to cause a kernel panic. This does not mean another attacker could not execute arbitrary code using this exploit.

I expect to see a PoC soon with arbitrary code execution in kernel space on all unpatched macOS/iOS devices. Which would be bad...