The lower layers in the modern computing infrastructure
are written in languages threatened by exploitation
of memory management errors. Recently deployed exploit
mitigations such as control-flow integrity (CFI) can
prevent traditional return-oriented programming (ROP)
exploits but are much less effective against newer techniques
such as Counterfeit Object-Oriented Programming
(COOP) that execute a chain of C++ virtual methods.
Since these methods are valid control-flow targets, COOP
attacks are hard to distinguish from benign computations.
Code randomization is likewise ineffective against COOP.
Until now, however, COOP attacks have been limited
to vulnerable C++ applications which makes it unclear
whether COOP is as general and portable a threat as ROP.
This paper demonstrates the first COOP-style exploit
for Objective-C, the predominant programming language
on Apple’s OS X and iOS platforms. We also retrofit the
Objective-C runtime with the first practical and efficient
defense against our novel attack. Our defense is able
to protect complex, real-world software such as iTunes
without recompilation. Our performance experiments
show that the overhead of our defense is low in practice.
2 comments
[ 65.2 ms ] story [ 585 ms ] threadThe lower layers in the modern computing infrastructure are written in languages threatened by exploitation of memory management errors. Recently deployed exploit mitigations such as control-flow integrity (CFI) can prevent traditional return-oriented programming (ROP) exploits but are much less effective against newer techniques such as Counterfeit Object-Oriented Programming (COOP) that execute a chain of C++ virtual methods. Since these methods are valid control-flow targets, COOP attacks are hard to distinguish from benign computations. Code randomization is likewise ineffective against COOP. Until now, however, COOP attacks have been limited to vulnerable C++ applications which makes it unclear whether COOP is as general and portable a threat as ROP. This paper demonstrates the first COOP-style exploit for Objective-C, the predominant programming language on Apple’s OS X and iOS platforms. We also retrofit the Objective-C runtime with the first practical and efficient defense against our novel attack. Our defense is able to protect complex, real-world software such as iTunes without recompilation. Our performance experiments show that the overhead of our defense is low in practice.