CVE-2018-4282: Out-of-bounds read vulnerability in AppleT8015PPM.kext


Researchers: Adam Donenfeld (@doadam)

Relevant Operating Systems: iOS, tvOS and watchOS

CVE: CVE-2018-4282

 

Summary

As part of our ongoing mobile platform research, zLabs recently discovered an out-of-bounds read vulnerability in AppleT8015PPM.kext that allows an attacker to make the kernel read beyond the bounds of the structureInput supplied to it. The data that is read is then used as a dictionary.

Details

Selector number 13 in ApplePPMUserClient (sPushTelemetry) receives the number of entries to be given to the dictionary. There is, however, no check on the number of entries, which leads the kernel to read beyond the end of the supplied input buffer.
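
The missing check, sketched as an added example (not code from the original post or from Apple's driver). The buffer layout (a 32-bit count followed by key/value pairs) and every name below are assumptions, and summing the values stands in for building the dictionary.

```c
#include <stddef.h>
#include <stdint.h>
#include <string.h>

/* Assumed wire layout (hypothetical, not the real ApplePPMUserClient format):
 * a 32-bit entry count followed by that many key/value pairs. */
typedef struct { uint32_t key; uint32_t value; } entry_t;
#define HDR_SIZE sizeof(uint32_t)

enum { PUSH_OK = 0, PUSH_BAD_ARGUMENT = -1 };

/* Copy entry i out of the buffer; memcpy avoids unaligned access. */
static entry_t entry_at(const uint8_t *buf, uint32_t i)
{
    entry_t e;
    memcpy(&e, buf + HDR_SIZE + (size_t)i * sizeof(entry_t), sizeof e);
    return e;
}

/* Bug pattern from the advisory: the count is trusted, so a count larger
 * than the buffer holds makes the loop read past the end of the input. */
int push_telemetry_unchecked(const uint8_t *buf, size_t len, uint64_t *sum)
{
    uint32_t count;
    (void)len;                               /* size is never consulted */
    memcpy(&count, buf, sizeof count);
    *sum = 0;
    for (uint32_t i = 0; i < count; i++)
        *sum += entry_at(buf, i).value;
    return PUSH_OK;
}

/* Hardened form: validate the header, then bound count by what fits. */
int push_telemetry_checked(const uint8_t *buf, size_t len, uint64_t *sum)
{
    uint32_t count;
    if (buf == NULL || sum == NULL || len < HDR_SIZE)
        return PUSH_BAD_ARGUMENT;
    memcpy(&count, buf, sizeof count);
    /* Divide instead of multiplying so count * sizeof cannot overflow. */
    if (count > (len - HDR_SIZE) / sizeof(entry_t))
        return PUSH_BAD_ARGUMENT;
    *sum = 0;
    for (uint32_t i = 0; i < count; i++)
        *sum += entry_at(buf, i).value;
    return PUSH_OK;
}
```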

 

Disclosure timeline

16/05/2018 – Bug discovered

19/05/2018 – Vendor notified

09/07/2018 – Patch released (fixed on iOS 11.4.1)

I would like to thank Apple for their quick and professional response and the rest of the Zimperium zLabs team for their ongoing research and assistance.

The post CVE-2018-4282: Out-of-bounds read vulnerability in AppleT8015PPM.kext appeared first on Zimperium Mobile Security Blog.
