Introduction
Within this paper wewill document all the0-day vulnerabilities we disclosed during our
talk at SyScan 2013.These vulnerabilities coverdifferent areas of theMountainLionand
iOSecosystem, starting with simple UI vulnerabilities in the iOS Enterprise Deployment
process, over dangerous features ofposix_spawn() in regard to SUID binaries, over user
space vulnerabilities in thedynamic linker used by Mountain Lion and iOSto a weakness
in the userspace stack canary implementation that rendersit completely uselessagainst
localattacks.
After a discussion ofall these user space attacks we will switchfocus to the kernel and
disclose three information leakvulnerabilities and one memorycorruptionthat couldbe
usedfor developing an iPad only jailbreak.
read more...........http://antid0te.com/syscan_2013/SyScan2013_Mountain_Lion_iOS_Vulnerabilities_Garage_Sale_Whitepaper.pdf