alt Hacker NewsUpon further reading on data only attacks
(https://www.usenix.org/publications/loginonline/data-only-at...)
This makes more sense. You don't trigger MTE since you're not doing anything for force MTE to take action the program isn't actually changing.
My other question would be, why didn't apple use fbounds checking here? They've been doing it aggressively everywhere else.
MTE plus fbounds checking everywhere should lead to an extremly hardened OS
Replies
aiscoming • yesterday at 11:04 PM
could be a different type of data only attack, which doesnt override the boundaries
➕ show 1 reply
Quite strange indeed, given that was one of the main points on their security conference a few months ago.