Use After Free
Basic Information
As the name implies, this vulnerability occurs when a program stores some space in the heap for an object, writes some info there, frees it apparently because it's not needed anymore and then accesses it again.
The problem here is that it's not ilegal (there won't be errors) when a freed memory is accessed. So, if the program (or the attacker) managed to allocate the freed memory and store arbitrary data, when the freed memory is accessed from the initial pointer that data would be have been overwritten causing a vulnerability that will depends on the sensitivity of the data that was stored original (if it was a pointer of a function that was going to be be called, an attacker could know control it).
Other References & Examples
https://8ksec.io/arm64-reversing-and-exploitation-part-2-use-after-free/
ARM64. Use after free: Generate a user, free it, reuse the same chunk overwriting the position of user->password from the previous one. Reuse the user to bypass the password check
Last updated