Ohhhh this is interesting!!!!! I really miss the glory days of jailbreaking, it just unlocked so many handy, fun, and cool stuff. From running webservers to speeding up the terribly slow animations.
Since this can only underflow and some written bits are not attacker-chosen, does this not imply that the patchable part of the software could reliably detect this just in time and panic on suspected USB DMA corruption? Where is the catch?
The exploit grants arbitrary code execution, it can just fix up the telltale signs of the USB DMA corruption before jumping to an updatable part of the boot flow
Ohhhh this is interesting!!!!! I really miss the glory days of jailbreaking, it just unlocked so many handy, fun, and cool stuff. From running webservers to speeding up the terribly slow animations.
Since this can only underflow and some written bits are not attacker-chosen, does this not imply that the patchable part of the software could reliably detect this just in time and panic on suspected USB DMA corruption? Where is the catch?
The exploit grants arbitrary code execution, it can just fix up the telltale signs of the USB DMA corruption before jumping to an updatable part of the boot flow
Source posted earlier: https://news.ycombinator.com/item?id=48585852
What a horrible title, had no idea that submission referred to Apple chips.
[dead]