19 comments

[ 5.1 ms ] story [ 47.1 ms ] thread
> The physical memory dumping is abusing the fact that on iOS the physmap region, which provides direct virtual mappings of large parts of device physical memory is larger than the random ASLR shift which is applied to it. It's almost 4GB in size, but its virtual address only varies by around 1GB, leading to kernel virtual addresses which are always mapped and which provide a window in to device physical memory.

Not the first time Apple has messed up ASLR because the thing that they’re sliding has gotten too large…

Why would People of Color do such a thing?
Maybe it would be good to change the title to say `(fixed in iOS 13.3.1)` instead of `(iOS 13.3)`, to make it clear that this is not a zero day.
Well how would you expect to get any clicks doing that?
It's a bug tracker. Is it ad supported? Would they even want superfluous clicks?
Lot of cynicism on HN today :( but I suggest that if someone links to a Project Zero bug about iOS you can pretty much assume it’s been patched, and the OP claims HN title character limit is the true reason for the omission.

If a bug is unpatched I’d actually expect the title to specify that instead...

HN title character limit didn't allow me to.
(comment deleted)
I've squeezed it in there now at the cost of a little ungrammaticalness.

(Submitted title was "PoC remotely dump memory with no user interaction on iPhone 11 Pro (iOS 13.3)".)

I still see only 13.3, not 13.3.1... could do this:

> Remotely dump memory w/o user interaction on iPhone 11 Pro (fixed iOS 13.3.1)

Thanks, I missed that. I've moved things around a bit.
It would be nice if they increased the title limit.
(comment deleted)
Does this work if AirDrop is disabled but Bluetooth is on?

How about if just AirDrop is off?