Apple iOS Exploit Takes Complete Control of Kernel

  /     /     /  
Publicated : 22/11/2024   Category : security


Apple iOS Exploit Takes Complete Control of Kernel


Researcher demonstrates severe ZIVA exploit at Hack in the Box.



Multiple vulnerabilities in the AppleAVEDriver when linked together create an opportunity to launch an iOS exploit that can take full control of the iOS kernel, security researcher Adam Donenfeld of Zimperiums zLabs revealed today.
Donenfeld, who today demonstrated the exploit at the 
Hack In the Box conference
 in Singapore, says all iOS devices running versions 10.3.1 
released in April
 as well as earlier versions are currently vulnerable to the attack. 
Apple patched eight vulnerabilities Donenfeld previously discovered – seven in AppleAVEDriver.kext and one in the iOSurface kernel extension – in its iOS version 10.3.2 in May.
It all began in January when Donefeld was researching the favored path attackers take in hitting Apples iOS, which entails focusing on the direct containerized app-to-kernel vulnerabilities.
The attack surface in between [the containerized app and kernel] is often underlooked and has more vulnerabilities, which are, usually, much, much easier to exploit. So, in most cases, even though an attacker has to go through more lines of code, finding and exploiting those bugs is usually an easier job, Donefeld says.
In his app-to-kernel vulnerabilities search, Donefeld did find a bug on Jan. 24, which in turn raised questions in his mind about other iOS attack surfaces. That curiosity led him to dive deeper into Apples closed-source kernel modules, where he found one he was not familiar with called Apple AVEDriver. That module lacked basic security fundamentals and contained seven vulnerabilities that would allow attackers to elevate privileges by overtaking the kernel and gaining arbitrary read-write and root control.
Building an iOS Kernel Exploit
Donefeld created the fully chained iOS kernel exploit - which he dubbed ZIVA - by linking together the seven vulnerabilities he found in the AppleAVEDriver module, he says.
Some of 
these AppleAVE vulnerabilities
 could allow information disclosures, denial of service (DoS), and elevation of privilege (EoP), Donefeld says.
The issues are severe and could allow the attacker to take complete control of any iOS device on the market prior to version 10.3.2., as well as access information including GPS data, photos, and contact information, or conduct denial-of-service (DoS) attacks, Donefeld says.
He notes that because Apple issued a patch for the flaws with version 10.3.2, iOS users who updated their device to the latest iOS version should be protected. Others, he adds, should invest in a third-party security solution.
This provides a complete control over the kernel, he says of the exploit.
Related Content:
Multiple Apple iOS Zero-Days Enabled Firm To Spy On Targeted iPhone Users For Years
Apple iOS Threats Fewer Than Android But More Deadly
iOS 8 Vs. Android: How Secure Is Your Data?
14 Social Media-Savvy CISOs to Follow on Twitter
Learn from the industry’s most knowledgeable CISOs and IT security experts in a setting that is conducive to interaction and conversation. Click for
more info
and to
register
.

Last News

▸ Beware EMV may not fully protect against skilled thieves. ◂
Discovered: 23/12/2024
Category: security

▸ Hack Your Hotel Room ◂
Discovered: 23/12/2024
Category: security

▸ Website hacks happened during World Cup final. ◂
Discovered: 23/12/2024
Category: security


Cyber Security Categories
Google Dorks Database
Exploits Vulnerability
Exploit Shellcodes

CVE List
Tools/Apps
News/Aarticles

Phishing Database
Deepfake Detection
Trends/Statistics & Live Infos



Tags:
Apple iOS Exploit Takes Complete Control of Kernel