Privilege escalation: Critical vulnerability in older iOS and macOS versions

Apple's important XPC interface allows malware to obtain elevated privileges: a logic problem in the handling of XPC services by the central process launchd is "easy to exploit and with 100 percent reliability" for escalating privileges, as the security researcher Zhipeng Huo has now announced. Malicious software can also use it to break out of even the "restrictive sandbox".

Vulnerability only fixed in macOS 11 and iOS 14

The vulnerability was reported to Apple last year and, according to the manufacturer, is fixed in macOS 11 Big Sur and iOS 14; the logic problem was eliminated "through improved checking", Apple writes in an updated note. Countermeasures were also already taken in iOS 13.5, said the security researcher, who works for Tencent's Security Xuanwu Lab. Older versions of the operating systems appear to remain affected; at least, Apple does not list a fix for this vulnerability (CVE-2020-9971) in its release notes for the security updates for macOS 10.15 or 10.14.

The CERT-Bund of the Federal Office for Information Security (BSI) classifies the risk as "very high", although the vulnerability apparently can only be exploited by local attackers and not readily remotely. In contrast to macOS, developers on iOS cannot directly address the XPC services, Huo notes, but Apple uses them for various separate processes with extended rights; it is accordingly easy to find "usual targets".

As root out of the sandbox

Through the vulnerability, the attacker is able to set up their own XPC service, which is then executed with root rights. launchd is actually supposed to ensure that only certain, legitimate processes can have XPC services executed, but it is sloppy in doing so, as Huo explains in a detailed write-up of the bug.

Only from iOS 14 and macOS 11 onward does the system check whether the requesting process is in fact the owner of the corresponding process area, and therefore whether launchd may execute the XPC service or not. The internal mechanism of XPC services is so complex that there are probably "many other logic problems", according to the security researcher.
