My next class:

iOS 7.1.x Exploit Released (CVE-2014-4377)

Published: 2014-09-22. Last Updated: 2014-09-22 13:41:33 UTC
by Johannes Ullrich (Version: 1)
4 comment(s)

Haven't upgraded to iOS 8 yet? Aside from a lot of new features, Apple also fixed a number of security vulnerabilities in iOS 8. For example CVE-2014-4377, a memory corrupion issue in iOS's core graphics library. An exploit is now available for this vulnerability.

NOTE: I have not verified yet that the exploit is working / genuine. We will not link at this point to the exploit code, but basic Google Fu should allow you to find it.

The author claims that the exploit is "compleatly reliable and portable on iOS 7.1.x". The exploit comes in the form of a malformed PDF, which would usually be delivered as an image inside an HTML page.

---
Johannes B. Ullrich, Ph.D.
STI|Twitter|LinkedIn

Keywords:
4 comment(s)
My next class:

Comments

From the exploit page: "This exploit needs a companion information leakage vulnerability to bypass ASLR, DEP and Code signing iOS exploit mitigations."

Sounds like it's not functional out of the box.
The same person/group that claims to have discovered CVE-2014-4377 (CoreGraphics Memory Corruption) also claims to have discovered CVE-2014-4378 (CoreGraphics Information Disclosure). Blending the two together is claimed to allow for 100% remote code execution.
They published the exploit for the information disclosure vulnerability CVE-2014-4378 last Thursday.
[quote=comment#32035]From the exploit page: "This exploit needs a companion information leakage vulnerability to bypass ASLR, DEP and Code signing iOS exploit mitigations."

Sounds like it's not functional out of the box.[/quote]

No, it needs CVE-2014-4378, which he also provides:
http://blog.binamuse.com/2014/09/coregraphics-information-disclosure.html

Diary Archives