32 matches found
EUVD-2016-2850
Malware in sbrugna...
EUVD-2015-5814
Malware in sbrugna...
EUVD-2016-2849
Malware in sbrugna...
EUVD-2016-8426
Malware in sbrugna...
EUVD-2014-4388
Malware in sbrugna...
EUVD-2016-8457
Malware in sbrugna...
EUVD-2017-5377
Malware in sbrugna...
CVE-2022-46702
The issue was addressed with improved memory handling. This issue is fixed in iOS 16.2 and iPadOS 16.2. An app may be able to disclose kernel memory...
Exploit for CVE-2022-32898
CVE-2022-32898: ANEProgramCreate multiple kernel memory cor...
PT-2023-28338
on to the next stage, the purpose of which was access to the iOS kernel. The kernel was manipulated using vulnerabilities CVE-2023-42434 and CVE-2023-39606. Exploiting the first one opened read and write access to the entire physical memory of the device, the use of the...
PT-2023-27032
on to the next stage, the purpose of which was access to the iOS kernel. The kernel was manipulated using vulnerabilities CVE-2023-42434 and CVE-2023-39606. Exploiting the first one opened read and write access to the entire physical memory of the device, the use of the...
VulnCheck KEV: CVE-2022-42827
Apple iOS and iPadOS kernel contain an out-of-bounds write vulnerability which can allow an application to perform code execution with kernel privileges...
Impressive iPhone Exploit
This is a scarily impressive vulnerability: Earlier this year, Apple patched one of the most breathtaking iPhone vulnerabilities ever: a memory corruption bug in the iOS kernel that gave attackers remote access to the entire device -- over Wi-Fi, with no user interaction required at all. Oh, and...
One Byte to rule them all
Posted by Brandon Azad, Project Zero One Byte to rule them all, One Byte to type them, One Byte to map them all, and in userspace bind them -- Comment above vm_map_copy_t For the last several years, nearly all iOS kernel exploits have followed the same high-level flow: memory corruption and fake Mac...
A survey of recent iOS kernel exploits
Posted by Brandon Azad, Project Zero I recently found myself wishing for a single online reference providing a brief summary of the high-level exploit flow of every public iOS kernel exploit in recent years; since no such document existed, I decided to create it here. This post summarizes origina...
Google Uncovers How Just Visiting Some Sites Were Secretly Hacking iPhones For Years
Beware Apple users! Your iPhone can be hacked just by visiting an innocent-looking website, confirms a terrifying report Google researchers released earlier today. The story goes back to a widespread iPhone hacking campaign that cybersecurity researchers from Google's Project Zero discovered...
Apple iOS Kernel - Use-After-Free due to bad Error Handling in Personas
/ There was recently some cleanup in the persona code to fix some race conditions there, I don't think it was sufficient: In kpersona_alloc_syscall if we provide an invalid userspace pointer for the ipd outptr we can cause this copyout to fail: error = copyout(&persona->pna_id, idp, sizeof(persona->pna_i...
Apple iOS Kernel - Use-After-Free due to bad Error Handling in Personas
Apple iOS Kernel - Use-After-Free due to bad Error Handling in Personas / There was recently some cleanup in the persona code to fix some race conditions there, I don't think it was sufficient: In kpersona_alloc_syscall if we provide an invalid userspace pointer for the ipd outptr we can cause this...
Apple iOS Kernel - Stack Memory Disclosure due to Failure to Check copyin Return Value Exploit
Exploit for iOS platform in category dos / poc Apple iOS - Kernel Stack Memory Disclosure due to Failure to Check copyin Return Value Exploit Here's a code snippet from sleh.c with the second level exception handler for undefined instruction exceptions: static void handle_uncategorized(arm_saved_stat...
The researchers published the iOS kernel exploit code-exploit warning-the black bar safety net
Adam Donenfeld, a researcher at the mobile security company Zimperium, published PoC code for the zIVA kernel exploit. zIVA affects iOS 10.3.1 and prior versions; an attacker can use the zIVA code to gain arbitrary read-write and root access. Apple 5 months to fix the vulnerability Apple to 5 months ...