Why isn’t the checksum length increased on macOS to mitigate generic heap exploitation?
I’ve been studying heap exploitation on Linux/macOS for learning purposes.
Many of the generic exploits on macOS rely on brute-forcing the 4-bit checksum derived from the rack’s cookie value. This effectively results in a 2^…