Comment by codedokode
2 years ago
I see that one of the steps in the exploit was to use GPU registers to bypass kernel memory protection. Does it mean that the vulnerability cannot be fixed by an update and existing devices will stay vulnerable?
The mitigation is that the MMIO range in question has been marked as unwritable in the device trees on recent versions of iOS.
https://x.com/alfiecg_dev/status/1740025569600020708
I don't think there is any JIT on the GPU, and all the code has to go through a host-side kernel call, so it should be able to protect the register, I guess?
The kernel cannot protect against this; in fact, the attackers have full read/write control and code execution capabilities to mount this attack. The fix is blocking this range from being mapped using features that are more powerful than the kernel.
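The mitigation the last two replies describe, refusing to map a flagged MMIO range rather than trusting the kernel to police writes after the fact, amounts to a page-granular range check at mapping time. The following is an added C example written for this thread; it is not code from iOS, from the exploit write-up, or from any commenter. The physical addresses, range names, the 16 KiB page size and the function names are placeholders and assumptions chosen for illustration.

```c
#include <stdbool.h>
#include <stddef.h>
#include <stdint.h>
#include <stdio.h>

/* Constructed example: physical ranges that firmware or the device tree has
 * flagged as not writable from the kernel. The addresses are placeholders,
 * not the real register range discussed in the thread. */
typedef struct {
    uint64_t base;     /* first physical byte of the range */
    uint64_t size;     /* length in bytes */
    const char *name;  /* label reported when a request is refused */
} mmio_range_t;

static const mmio_range_t blocked_ranges[] = {
    { 0x200000000ULL, 0x4000, "PLACEHOLDER_GPU_REGS" },
    { 0x210000000ULL, 0x1000, "PLACEHOLDER_OTHER_REGS" },
};

#define PAGE_SIZE 0x4000ULL  /* assumption: 16 KiB pages */

/* True if [a, a+alen) and [b, b+blen) share at least one byte.
 * Zero-length spans never overlap; arithmetic wraparound is treated as an
 * overlap so that a malformed request fails closed. */
static bool ranges_overlap(uint64_t a, uint64_t alen, uint64_t b, uint64_t blen)
{
    if (alen == 0 || blen == 0) return false;
    if (a + alen < a || b + blen < b) return true;
    return a < b + blen && b < a + alen;
}

/* Decide whether a writable mapping of [pa, pa+len) may be created.
 * The request is rounded out to whole pages first: the MMU maps pages, not
 * bytes, so a request that merely touches a blocked range exposes the whole
 * page containing it. On refusal, *why names the blocking range. */
bool mmio_write_mapping_allowed(uint64_t pa, uint64_t len, const char **why)
{
    if (why) *why = NULL;
    if (len == 0) { if (why) *why = "empty mapping"; return false; }

    uint64_t end = pa + len;
    if (end < pa) { if (why) *why = "address wraparound"; return false; }

    uint64_t start_pg = pa & ~(PAGE_SIZE - 1);
    uint64_t end_pg = (end + PAGE_SIZE - 1) & ~(PAGE_SIZE - 1);
    if (end_pg < end) { if (why) *why = "address wraparound"; return false; }

    for (size_t i = 0; i < sizeof blocked_ranges / sizeof blocked_ranges[0]; i++) {
        const mmio_range_t *r = &blocked_ranges[i];
        if (ranges_overlap(start_pg, end_pg - start_pg, r->base, r->size)) {
            if (why) *why = r->name;
            return false;
        }
    }
    return true;
}

int main(void)
{
    /* Constructed requests: one well away from any blocked range, one inside
     * a blocked range, and one that only straddles the page boundary. */
    const uint64_t reqs[][2] = {
        { 0x100000000ULL, 0x1000 },
        { 0x200000010ULL, 0x10 },
        { 0x1FFFFFFF0ULL, 0x20 },
    };
    for (size_t i = 0; i < sizeof reqs / sizeof reqs[0]; i++) {
        const char *why;
        bool ok = mmio_write_mapping_allowed(reqs[i][0], reqs[i][1], &why);
        printf("map 0x%llx+0x%llx: %s%s%s\n",
               (unsigned long long)reqs[i][0], (unsigned long long)reqs[i][1],
               ok ? "allowed" : "refused", ok ? "" : " by ", ok ? "" : why);
    }
    return 0;
}
```

The point of rounding the request out to page boundaries is the third sample request: it asks for bytes just below the blocked range, but the page it would map also covers the first bytes of that range, so it is refused. Whether the check actually holds depends, as the reply says, on it being enforced by something the kernel cannot overrule.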