
How Google's Project Zero made Apple refactor its kernel

  • October 27, 2016
  • 0 replies
  • 129 views

Jasper_The_Rasper
Moderator

MacOS, iOS task threading was open to hijack

27 Oct 2016 at 07:04, Richard Chirgwin

When Apple shipped its security bug-fixes earlier this week, one patch mostly passed under the radar.

Ian Beer of Google Project Zero, who found a deep-down vulnerability in the XNU kernel, first reported it to Apple in February this year, and it took until now to clean it up properly.

It took eight months, apparently, because of a basic architectural feature of the kernel: calling target functions directly instead of via the MIG IPC (Mach interface generator inter process communication) layer is fast, but “there’s no central point where access to a resource can be cut off”.

In this post, task_t considered harmful, Beer describes (in gloriously geek-out detail) a discovery that needed “a large refactor in MacOS 10.12.1 / iOS 10.1” to fix.