by profquail 2671 days ago
I didn’t see the article say anything about redacting code? The XNU kernel (used in macOS and iOS) is open-source and has been for some time: https://github.com/apple/darwin-xnu

My reading of the article was that Apple has some custom logic in the A12 (for the implementation of the pointer authentication extensions) and has made some (unreleased) modifications to the XNU code to utilize that custom logic. The article is the author reverse-engineering the unreleased modifications and working out how they interact with the A12, to try to discover exploitable weaknesses in the implementation.


From the article:

> The part [of the comments in the released source] about the "pointer" containing authenticated, hasBKey, and hasDKey bits suggests that this code is dealing with authenticated pointers, although all the code that actually performs PAC operations has been removed from the public sources.

The researcher suspects Apple started with a version of the XNU code that supported the A12 logic, then removed the lines of code that actually performed the operations before publicly releasing it. In other words, Apple redacted security-related parts of the XNU source.

To me, at least, that's different from Apple creating a new XNU version that supports pointer authentication and not releasing it at all.

The code obviously had enum values for pointer authentication in it. So why was the other code for it missing?