6th July 2010
Since I posted my EvoCam exploit I have spotted at least one other OS X exploit that used the same technique for gaining code exec on Leopard. I though it would be useful to take this exploit for UFO: Alien Invasion by dookie and see how easy it would be to modify it to use my technique above to get it to run on Snow Leopard.
6th July 2010
This post follows on from my previous OS X exploit tutorial which demonstrated finding a buffer overflow in an OS X application and developing a working exploit for it. The technique used in that tutorial only worked on the previous incarnation of Apple’s OS X operating system known as Leopard (10.5.x).
I stupidly mentioned at the end of my previous post that future OS X exploit would likely rely on ROP based techniques in order to bypass non-executable memory protection and achieve code execution. I was then challenged by then Offensive Security team to produce a follow up post, so the obvious next port of call was to get my previous EvoCam exploit working on Snow Leopard.