Kext_request() permits purposes to request details about kernel modules, divided into lively and passive operations. Active operations (load, unload, begin, cease, etc.) require root entry. Passive operations had been initially unrestricted and allowed unprivileged customers to question kernel module base addresses. iOS6 inadvertently removed some limitations; only the load address requests are disallowed. So attackers can use kKextRequestPredicateGetLoaded to get load addresses and mach-o header dumps. The load handle and mach-o phase headers are obscured to hide the ASLR slide, however mach-o part headers aren’t. This reveals the virtual addresses of loaded kernel sections.

IBM Cloud® helps server-side Swift frameworks, …