
Subversive-C: Abusing and Protecting Dynamic Message Dispatch [pdf] - frozenice
https://www.usenix.org/system/files/conference/atc16/atc16_paper-lettner.pdf
======
frozenice
Abstract

The lower layers in the modern computing infrastructure are written in
languages threatened by exploitation of memory management errors. Recently
deployed exploit mitigations such as control-flow integrity (CFI) can prevent
traditional return-oriented programming (ROP) exploits but are much less
effective against newer techniques such as Counterfeit Object-Oriented
Programming (COOP) that execute a chain of C++ virtual methods. Since these
methods are valid control-flow targets, COOP attacks are hard to distinguish
from benign computations. Code randomization is likewise ineffective against
COOP. Until now, however, COOP attacks have been limited to vulnerable C++
applications which makes it unclear whether COOP is as general and portable a
threat as ROP. This paper demonstrates the first COOP-style exploit for
Objective-C, the predominant programming language on Apple’s OS X and iOS
platforms. We also retrofit the Objective-C runtime with the first practical
and efficient defense against our novel attack. Our defense is able to protect
complex, real-world software such as iTunes without recompilation. Our
performance experiments show that the overhead of our defense is low in
practice.

------
Kristine1975
Since Swift uses the Objective-C runtime library, this should also work for
Swift.

