Exploitations of Uninitialized Uses on macOS Sierra

Authors: 

Zhenquan Xu and Gongshen Liu, Shanghai Jiao Tong University; Tielei Wang and Hao Xu, PWNZEN InfoTech Co., LTD.

Awarded Best Student Paper!

Abstract: 

An uninitialized use refers to a common coding mistake where programmers directly use variables on the stack or the heap before they are initialized. Uninitialized uses, although simple, can lead to severe security consequences. In this paper, we will share our experience in gaining arbitrary kernel code execution in the latest macOS Sierra by exploiting two uninitialized use vulnerabilities for Pwnfest 2016. Specifically, we first analyze the attack surface of the XNU kernel and its mitigation techniques, and then study common types of uninitialized uses and the threats they pose. Next, we elaborate on the vulnerabilities and exploitation techniques. Lastly, we summarize the whole exploitation and discuss its reliability.
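As an added illustration of the bug class the abstract describes (this is not code from the paper, from XNU, or from the authors), the C below shows the stack variant of the mistake on a hypothetical `struct reply`: a builder that assigns only some fields and then copies the whole object out to its caller, so the unassigned field and the compiler's padding bytes carry whatever the stack held before, next to the corrected builder that zeroes the object first. The `count_nonzero_bytes` helper is a defender-side check that the corrected builder produces only the bytes it was asked to produce.

```c
#include <stdint.h>
#include <stdio.h>
#include <string.h>

/* Hypothetical message handed back from a privileged component to a
 * caller (constructed for this example). On the usual ABIs the compiler
 * inserts three padding bytes after 'flags' to align 'count'. */
struct reply {
    uint32_t status;
    uint8_t  flags;
    uint32_t count;
};

/* Vulnerable pattern: only 'status' and 'count' are assigned, then the
 * entire object is copied to the caller. 'flags' and the padding bytes
 * are never written, so stale stack contents leave with the reply. */
size_t build_reply_unsafe(uint8_t *out, size_t outlen, uint32_t count)
{
    struct reply r;
    if (outlen < sizeof r)
        return 0;
    r.status = 0;
    r.count = count;
    memcpy(out, &r, sizeof r);
    return sizeof r;
}

/* Fixed pattern: clear the whole object before the partial initialisation.
 * memset is used rather than '= {0}' because an initializer is not
 * required to zero padding bytes, while memset covers every byte. */
size_t build_reply_safe(uint8_t *out, size_t outlen, uint32_t count)
{
    struct reply r;
    if (outlen < sizeof r)
        return 0;
    memset(&r, 0, sizeof r);
    r.status = 0;
    r.count = count;
    memcpy(out, &r, sizeof r);
    return sizeof r;
}

/* Defender's check: run a builder with status == 0 and count == 'count',
 * then count the nonzero bytes in the output. For the fixed builder this
 * equals the number of nonzero bytes in 'count' (1 for 7, 0 for 0, 2 for
 * 0x0102), independent of endianness. For the unsafe builder the result
 * depends on stack residue, which is the leak this example is about. */
size_t count_nonzero_bytes(size_t (*builder)(uint8_t *, size_t, uint32_t),
                           uint32_t count)
{
    uint8_t buf[sizeof(struct reply)];
    size_t nonzero = 0;

    memset(buf, 0xAA, sizeof buf);          /* sentinel, overwritten by memcpy */
    if (builder(buf, sizeof buf, count) != sizeof buf)
        return sizeof buf;                  /* treat a failed build as all-bad */
    for (size_t i = 0; i < sizeof buf; i++)
        if (buf[i] != 0)
            nonzero++;
    return nonzero;
}

/* Returns 1 if the fixed builder refuses a buffer that is too small. */
int safe_rejects_short_buffer(void)
{
    uint8_t tiny[2];
    return build_reply_safe(tiny, sizeof tiny, 7) == 0;
}

int main(void)
{
    uint8_t buf[sizeof(struct reply)];
    size_t n = build_reply_safe(buf, sizeof buf, 7);

    printf("sizeof(struct reply) = %zu, bytes written = %zu\n",
           sizeof(struct reply), n);
    for (size_t i = 0; i < n; i++)
        printf("%02x ", buf[i]);
    printf("\nnonzero bytes from fixed builder: %zu\n",
           count_nonzero_bytes(build_reply_safe, 7));
    return 0;
}
```

The same shape applies to heap objects: an allocation that is only partially filled in before being copied to a less privileged caller discloses the allocator's previous contents. Zeroing at allocation or before partial initialisation is the code-level fix; compilers also offer automatic zero-initialisation of locals (Clang and GCC 12+ accept `-ftrivial-auto-var-init=zero`), which is a complementary mitigation rather than a substitute for reviewing which fields each path actually sets.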

Open Access Media

USENIX is committed to Open Access to the research presented at our events. Papers and proceedings are freely available to everyone once the event begins. Any video, audio, and/or slides that are posted after the event are also free and open to everyone. Support USENIX and our commitment to Open Access.

BibTeX
@inproceedings {206154,
author = {Zhenquan Xu and Gongshen Liu and Tielei Wang and Hao Xu},
title = {Exploitations of Uninitialized Uses on {macOS} Sierra},
booktitle = {11th USENIX Workshop on Offensive Technologies (WOOT 17)},
year = {2017},
address = {Vancouver, BC},
url = {https://www.usenix.org/conference/woot17/workshop-program/presentation/xu},
publisher = {USENIX Association},
month = aug
}