
Comment by codedokode

2 years ago

If you read a better article with technical details [1], you'll see that Apple SoCs contain a "feature" (that resembles a debugging tool) that allows memory protection to be bypassed by writing into undocumented and unused GPU registers. Apple locks down kernel memory to stop exploits, but these registers allow the lock to be bypassed.

This vulnerability is the key vulnerability without which the whole exploit chain would be useless.

[1] https://securelist.com/operation-triangulation-the-last-hard...

[flagged]

  • The original article doesn't have as many technical details as the article I linked to. That is why I added a link to another article which is better in my opinion, and it is difficult to understand the vulnerability from the original article. The original article also doesn't say anything about how Apple tried to fix it.