The most recent literature on exploiting the OS X heap was written in Phrack in 2005. Though the same region allocation scheme is still in use, the implementation has changed significantly. I am going to dive into how the OS X heap is laid out in memory, what is unique about its region-based allocator, and how this changes common exploitation techniques.
We will also be releasing tooling that works with LLDB to further enhance the user's ability to look into the current state of the heap and query the various zones for information. After an overview of the heap and how it is laid out, we will present a case study of real-world heap exploitation based on vulnerabilities found at Cisco Talos.