Bad news, developers: Apple Mac App Store tells cross-platform Electron apps to get lost

Lee D Silver badge

Re: I don't understand...

ASLR and kernel/userspace checks and barriers on the calling functions.

If the Apple iOS is truly that disastrous in terms of security that you can just make up a pointer and call a random deep-OS function that should only be called by the OS, then they get everything they deserve in this day and age.

Imagine being able to "just call" deep-level OS functions that aren't exposed to you from unprivileged code... that's just a disaster waiting to happen.

It tells me exactly one thing - iOS apps are basically running as a privileged user, the APIs don't have any permissioning or ASLR-like defences, and they can't be bothered to push obsoleted functions through a shim so that they aren't exposed to the programmed libraries.

That a "determined programmer" of, say, a game, can inspect your API shim's code is a memory boundary violation in the first place... that they can then extract pointers to the underlying direct functions that aren't otherwise exposed is stupid... that they can then CALL/EXECUTE THOSE FUNCTIONS is ridiculous.

Someone teach Apple how to make a modern OS and incorporate privilege separation and memory barriers.

There's a reason that an unprivileged user on, say, Windows or Linux is unable to just jump into the kernel RAM, start probing for addresses and then jumping to those addresses to execute functions only used internally or by other processes/services.
