Adventures in Video Conferencing Part 2: Fun with FaceTime
Posted by Natalie Silvanovich, Project Zero. FaceTime is Apple’s video conferencing application for iOS and Mac. It is closed source, and does not appear to use any third-party libraries for its core functionality. I wondered whether fuzzing the contents of FaceTime’s audio and video streams would...
FaceTime - readSPSandGetDecoderParams Stack Corruption Exploit
Exploit for macOS platform in category dos / poc. There are a variety of problems that occur when processing malformed H264 streams in readSPSandGetDecoderParams, leading to OOB read, OOB write and stackchk crashes. I think the root...
FaceTime - 'VCPDecompressionDecodeFrame' Memory Corruption
There is a heap corruption vulnerability in VCPDecompressionDecodeFrame which is called by FaceTime. This bug can be reached if a user accepts a call from a malicious peer. The issue can be reproduced using the attached sequence of RTP packets. To reproduce the issue: 1 Build video-replay.c...
FaceTime - VCPDecompressionDecodeFrame Memory Corruption
There is a heap corruption vulnerability in VCPDecompressionDecodeFrame which is called by FaceTime. This bug can be reached if a user accepts a call from a malicious peer. The issue can be reproduced using the attached sequence of RTP...
FaceTime - readSPSandGetDecoderParams Stack Corruption
There are a variety of problems that occur when processing malformed H264 streams in readSPSandGetDecoderParams, leading to OOB read, OOB write and stackchk crashes. I think the root cause is stack corruption. This issue can occur if someone...