ASLR bypass



Nvidia has released a new driver for its graphics cards that includes a security update for a zero-day vulnerability in the Nvidia Display Driver Service that came to light on Christmas day. UK researcher Peter Winter-Smith posted vulnerability details and an exploit to Pastebin describing a stack buffer overflow vulnerability in the service, as well as his exploit, which bypassed DEP and ASLR on Windows machines.

A little more than a month out from the release of iOS 6, which in addition to new functionality addressed almost 200 security vulnerabilities, Apple pushed out iOS 6.0.1 yesterday that repaired four new critical security issues.The most serious seems to be a kernel flaw discovered by researcher Mark Dowd of Azimuth Security and Eric Monti of Square that affects iPhone 3GS and later, as well iPod Touch and iPad2 and later. An attacker exploiting the vulnerability could essentially bypass address space randomization layout (ASLR) protections using a malicious application, and could determine addresses in the kernel, Apple’s advisory said.

Subscribe to our newsletter, Threatpost Today!

Get the latest breaking news delivered daily to your inbox.