Researcher released the technical details for CVE-2022-32898 in iOS 16

移动安全 1年前 (2022) admin
454 0 0

Security researcher Mohamed Ghannam (@_simo36) has published the exploit code for a vulnerability in the iOS kernel that could help an attacker execute arbitrary code with kernel privileges.

Tracked as CVE-2022-32898 (CVSS score of 7.8), the security defect was identified while reverse-engineering the process by which the Apple Neural Engine loads a model in the kernel level, with a patch available since the release of iOS 15.7 and iPadOS 15.7, iOS 16, macOS Ventura 13, watchOS 9.

Successful exploitation of the vulnerability would allow the attacker to be able to execute arbitrary code with kernel privileges on the target system.

Researcher released the technical details for CVE-2022-32898 in iOS 16

Ghannam released the technical details for the security flaw and explained how to find a flaw in the Apple Neural Engine component.

“The ZinComputeProgramGetNamesFromMultiPlaneLinear() and ZinComputeProgramGetNamesFromMultiPlaneTiledCompressed() functions are both responsible for parsing the procedure input and output, or more precisely, the LC_THREAD command with thread flavor 2 (ane_bind_state) whose binding_type_info value is 4 and 5.”  Ghannam wrote.

“Due to the lack of validation of how many planes a model can supply, kernel pointers could be written outside the bounds of the planes array, potentially leading to a many interesting memory corruption scenarios.”

Apple addressed CVE-2022-32898 in iOS 16 by introducing some validation checks in both vulnerable functions, limiting the supplied plane count to four entries.

Users are recommended to update to the latest version as soon as possible to mitigate possible threats.

 

版权声明:admin 发表于 2022年11月30日 下午2:52。
转载请注明:Researcher released the technical details for CVE-2022-32898 in iOS 16 | CTF导航

相关文章

暂无评论

您必须登录才能参与评论!
立即登录
暂无评论...