
Vulnerabilities affecting iOS kernel revealed


Anonim

Adam Donenfeld, researcher at the security firm Zimperium, has been commissioned to publish a list of vulnerabilities that affect the iOS kernel. Apple has already addressed all vulnerabilities on the list with the security patch that was released in May.


In fact, Apple asked Donenfeld to wait a while after the security patch was released before publishing this list, to allow time for users to update their devices and thus protect themselves against these vulnerabilities.

iOS kernel vulnerabilities

The reason for the investigation was to explore an area of the kernel that had never been thoroughly investigated before, and the results leave no doubt. One vulnerability affected the IOSurface kernel extension, and another seven affected the AppleAVE driver kernel extension. The research has been a success, which is why Donenfeld is giving some lectures. This weekend he will give one in Singapore.

The complete list of detected vulnerabilities is as follows:

CVE-2017-6979: The component is IOSurface.kext. It causes an elevation of privilege, allowing an attacker to bypass security checks and create an object in IOSurface.

CVE-2017-6989: The component is AppleAVE.kext. There is a vulnerability in the AppleAVE.kext kernel extension. The attacker can then remove the refcount from the IOSurface in the kernel.

CVE-2017-6994: The component is again AppleAVE.kext, and it again causes an elevation of privilege. The vulnerability is located in the AppleAVE.kext kernel extension. The attacker can pour the kernel address into any IOSurface object.

CVE-2017-6995: AppleAVE.kext again. A confusion vulnerability located in the AppleAVE.kext kernel extension. It allows an attacker to send a kernel pointer that the kernel will use as a pointer to a valid IOSurface object.

CVE-2017-6996: AppleAVE.kext. Its impact is the disclosure of information. A memory block of size 0x28 can be freed.

CVE-2017-6997: Same as the previous one. In this case an attacker can release any pointer of size 0x28.

CVE-2017-6998: Same as the previous ones. An attacker can hijack the execution of kernel code.

CVE-2017-6999: Same as the previous ones.
