C++ coroutines prone to code-reuse attack despite control flow integrity

A code-reuse attack named coroutine frame-oriented programming (CFOP) is capable of exploiting C++ coroutines across three major compilers, namely Clang/LLVM, GCC and MSVC. CFOP even succeeds in environments that are protected by control flow integrity (CFI), exposing relevant gaps in 15 of these defense schemes.
