- Aug 17, 2014
- 11,114
Proof-of-concept (PoC) code has been released for recently patched iOS vulnerabilities that can be chained to take full control of a mobile device. The flaws could also be useful for a jailbreak, according to the researcher who found them.
iOS 10.3.2, which Apple released in mid-May, patches seven AVEVideoEncodervulnerabilities and one IOSurface flaw discovered by Adam Donenfeld of mobile security firm Zimperium. The security holes, which Apple says can be used by an application to gain kernel privileges, are believed to affect all prior versions of the iOS operating system.
Donenfeld, who disclosed his findings this week at the Hack in the Box security conference in Singapore, said he identified the vulnerabilities while analyzing iOS kernel modules. His analysis led to a little-known module, called AppleAVE, which appeared to lack basic security.
Read full article: PoC Released for Dangerous iOS Kernel Exploit | SecurityWeek.Com
iOS 10.3.2, which Apple released in mid-May, patches seven AVEVideoEncodervulnerabilities and one IOSurface flaw discovered by Adam Donenfeld of mobile security firm Zimperium. The security holes, which Apple says can be used by an application to gain kernel privileges, are believed to affect all prior versions of the iOS operating system.
Donenfeld, who disclosed his findings this week at the Hack in the Box security conference in Singapore, said he identified the vulnerabilities while analyzing iOS kernel modules. His analysis led to a little-known module, called AppleAVE, which appeared to lack basic security.
Read full article: PoC Released for Dangerous iOS Kernel Exploit | SecurityWeek.Com
