> The physical memory dumping is abusing the fact that on iOS the physmap region, which provides direct virtual mappings of large parts of device physical memory, is larger than the random ASLR shift which is applied to it. It's almost 4GB in size, but its virtual address only varies by around 1GB, leading to kernel virtual addresses which are always mapped
> and which provide a window into device physical memory.
Not the first time Apple has messed up ASLR because the thing that they’re sliding has gotten too large…
Lots of cynicism on HN today :( but I suggest that if someone links to a Project Zero bug about iOS you can pretty much assume it’s been patched, and the OP claims the HN title character limit is the true reason for the omission.
If a bug is unpatched I’d actually expect the title to specify that instead...