Tag: Exploit

Apple now no longer allows downgrade from iOS 16.3. This comes together with the news that previous iOS releases were subject to exploit allowing to get user's location if that permission was not given to the application.

Apple did not disclose details of this exploit.

Maps

Available for: iPhone 8 and later, iPad Pro (all models), iPad Air 3rd generation and later, iPad 5th generation and later, and iPad mini 5th generation and later

Impact: An app may be able to bypass Privacy preferences

Description: A logic issue was addressed with improved state management.

CVE-2023-23503: an anonymous researcher

About the security content of iOS 16.3 and iPadOS 16.3

Apple Support: About the security content of iOS 16.3 and iPadOS 16.3

References:

• Apple Stops Signing iOS 16.2 Following iOS 16.3 Launch, Downgrading No Longer Possible
• Was a Popular Brazilian Food Delivery App Bypassing Apple’s Location Privacy Settings on iOS?
• Apple Maps privacy bug may have allowed apps to collect location data without permission
• Was this Brazilian major app bypassing Apple's location privacy on iOS?
• Bypassing iOS 16.2 Location Privacy

The exploit which was fixed in iOS 16.2 provided a way for a developer to change system font on iPhone.

Zhuowei Zhang shared a story behind his proof-of-concept app. App itself is available as source code on GitHub.

Apple Support: About the security content of iOS 16.2 and iPadOS 16.2

GitHub: WDBFontOverwrite

Reference: Developer uses iOS 16 exploit to change system font without jailbreak

Apple releases bug fix releases – iOS and iPadOS 15.4.1, macOS 12.3.1 and watchOS 8.5.1. HomePod software is also updated to 15.4.1 version.

iOS fixes include battery drain fix, macOS Monterey now should have Bluetooth game controllers working properly.

Reference:

• Apple releases iOS 15.4.1 with battery issues fix for iPhone and iPad
• Apple Releases watchOS 8.5.1 With Security Updates and Bug Fixes
• Apple Releases HomePod 15.4.1 Software With Siri Fix
• Apple Releases iOS 15.4.1 With Fix for Battery Drain Issue
• Apple Releases macOS Monterey 12.3.1 With Bluetooth and Display Fixes
• macOS 12.3.1 fixes bug affecting game controllers and other Bluetooth devices
• Apple fixes multiple zero-day exploits with iOS 15.4.1 and macOS 12.3.1

New "SysJoker" cross-platform exploit now can infect machines with different OSes.

Interestingly, this exploit uses Universal Binary allowing it to run on Intel and Apple Silicon Macs. Code is signed with ad-hoc certificate. New certificates could be used in the future.

The files and directories created by SysJoker include:
/Library/MacOsServices
/Library/MacOsServices/updateMacOs
/Library/SystemNetwork
/Library/LaunchAgents/com.apple.update.plist
The persistence code is under the path LibraryLaunchAgents/com.apple.update.plist. If the files are found on a Mac, it is advised to kill off all related processes and delete the files.

AppleInsider

Reference: macOS, Windows, Linux all targeted by new cross-platform exploit

Log4j is a popular Java logging package used by many backends.

Details of the vulnerability are available here, and according to reports, also libraries or solutions using Apache log4j (we are talking about Steam, iCloud or Minecraft servers) are also vulnerable. Solutions using the Struts library are also probably vulnerable.

Affected log4j versions: 2.0 <= Apache log4j <= 2.14.1

Apple releases iOS 15.0.1 with fix for "Unlock with Apple Watch" on FaceID iPhones. Also, this release targets Lock Screen bypass security issue.

Zero-day exploits reported by Denis Tokarev are not fixed in this release yet.

'Lost Mode' on AirTags typically redirects user who finds it to Apple's website for information. However, AirTags could be exploited to redirect users to malicious sites.

Security researcher Denis Tokarev shared an articles disclosing several zero-day exploits.

Issues are expected to be fixed following the public exposure.

Apple patches security issues (including zero-day exploit) in iOS 12.5.5 for devices which could not be updated to iOS 14.

AppleInsider reports that Apple partially fixed vulnerability in macOS Big Sur allowing attackers to run arbitrary code via specially crafted email.

Vulnerability involves usage of file:// URL scheme, and currently Apple checks for it in case sensitive manner allowing attackers to use mixed cases. Proper fix is yet to come.