From the course: Writing Secure Code in iOS by Infosec


Format string attack, part 3


- [Instructor] Format string attack, part three. We've talked about format strings. Now what's a format string attack? It's a type of bug that takes advantage of what should be an easily avoidable programmer mistake. Submitted data from an input string is evaluated as a command by the application. You didn't mean for this to happen. It could happen if a vulnerable function accepts a format string from a user. The attacker could use the format string attack to execute code, read the stack, cause a segmentation fault in the running app, cause some weird new behaviors that compromise the security or the stability of the system. Like for example, going back to print format, printf in C. What if we passed %p %p, and we did it 15 times. 1, 2, 3, 4, 5, 6, 7, 8, 9, 10, 11, 12, 13, 14, 15 times. If we pass that in C to printf, printf would be fooled into thinking it has 15 arguments. It would read the next 15 addresses from the stack thinking, "Those are my arguments, I got to read 'em and print…
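An added example, not part of the course material: the 15 × `%p` input from the lecture, a check that counts the conversion specifiers hidden in untrusted input, and the hardened call that passes the input as data to a fixed format. The function names `sample_input`, `count_conversions` and `render_safe` are hypothetical, and the input is constructed.

```c
#include <stdio.h>
#include <string.h>

/* Constructed sample input: "%p " repeated 15 times, as in the lecture. */
const char *sample_input(void) {
    static char buf[64];
    buf[0] = '\0';
    for (int i = 0; i < 15; i++)
        strcat(buf, "%p ");          /* 45 bytes + NUL fits in 64 */
    return buf;
}

/* Count conversion specifiers; "%%" is a literal percent and is skipped. */
int count_conversions(const char *s) {
    int n = 0;
    for (; *s; s++) {
        if (*s != '%') continue;
        if (s[1] == '%') { s++; continue; }
        n++;
    }
    return n;
}

/* Vulnerable pattern, shown only as a comment:
 *     printf(user_input);
 * Hardened form: the format is a fixed literal and the input is data,
 * so printf never looks for arguments that were not passed. */
const char *render_safe(const char *user_input) {
    static char out[128];
    snprintf(out, sizeof out, "%s", user_input);
    return out;
}

int main(void) {
    const char *in = sample_input();
    printf("conversions found in input: %d\n", count_conversions(in));
    printf("rendered as data: %s\n", render_safe(in));
    return 0;
}
```

Compiling with `-Wformat -Wformat-security` makes GCC and Clang warn about the vulnerable call when the format argument is not a string literal.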
