lmkaeffect.blogg.se

X8 sandbox iphone
IOMFB_integer_overflow_poc: Bindiff and POC for the IOMFB vulnerability, iOS 15.0.2

Intro

In the last iOS security update (15.0.2) Apple fixed a vulnerability in IOMobileFrameBuffer/AppleCLCD, which they specified was exploited in the wild (CVE-2021-30883). This attack surface is highly interesting because it's accessible from the app sandbox (so it's great for jailbreaks) and many other processes, making it a good candidate for LPE exploits in chains (WebContent, etc.). Therefore, I decided to take a quick look, bindiff the patch, and identify the root cause of the bug. After bindiffing and reversing, I saw that the bug is great, and I decided to write this short blogpost, which I hope you'll find helpful. I really want to publish my bindiff findings as close to the patch release as possible, so there will be no full exploit here. However, I did manage to build a really nice and stable POC that results in a great panic at the end :) Sorry in advance for any English mistakes, I prioritized time over grammar (good thing we have automatic spell checkers :P ).

The vulnerability

First things first, let's view the patched function(s) to understand the bug.