|
Haven't upgraded to iOS 8 yet? Aside from a lot of new features, Apple also fixed a number of security vulnerabilities in iOS 8. For example CVE-2014-4377, a memory corrupion issue in iOS's core graphics library. An exploit is now available for this vulnerability. NOTE: I have not verified yet that the exploit is working / genuine. We will not link at this point to the exploit code, but basic Google Fu should allow you to find it. The author claims that the exploit is "compleatly reliable and portable on iOS 7.1.x". The exploit comes in the form of a malformed PDF, which would usually be delivered as an image inside an HTML page. --- |
Johannes 4346 Posts ISC Handler Sep 22nd 2014 |
| Thread locked Subscribe |
Sep 22nd 2014 7 years ago |
|
From the exploit page: "This exploit needs a companion information leakage vulnerability to bypass ASLR, DEP and Code signing iOS exploit mitigations."
Sounds like it's not functional out of the box. |
Larry Seltzer 26 Posts |
| Quote |
Sep 22nd 2014 7 years ago |
|
The same person/group that claims to have discovered CVE-2014-4377 (CoreGraphics Memory Corruption) also claims to have discovered CVE-2014-4378 (CoreGraphics Information Disclosure). Blending the two together is claimed to allow for 100% remote code execution.
|
Larry Seltzer 1 Posts |
| Quote |
Sep 22nd 2014 7 years ago |
|
They published the exploit for the information disclosure vulnerability CVE-2014-4378 last Thursday.
|
Larry Seltzer 1 Posts |
| Quote |
Sep 23rd 2014 7 years ago |
Quoting Larry Seltzer:From the exploit page: "This exploit needs a companion information leakage vulnerability to bypass ASLR, DEP and Code signing iOS exploit mitigations." No, it needs CVE-2014-4378, which he also provides: http://blog.binamuse.com/2014/09/coregraphics-information-disclosure.html |
Anonymous |
| Quote |
Sep 23rd 2014 7 years ago |
Sign Up for Free or Log In to start participating in the conversation!
https://www.sans.edu
