Security Lacking in Previous AppleAVEDriver iOS Kernel Extension
An obscure Apple kernel extension patched in July in iOS 10.3.3 was originally built without security measures in place, according to the researcher who privately disclosed the flaws.
Today at the Hack in the Box security conference in Singapore, Zimperium zLabs’ Adam Donenfeld was scheduled to disclose details on seven flaws he found in the AppleAVEDriver.kext, a video encoder kernel extension, as well as another critical issue in the IOSurface.kext.
Donenfeld said he was able to chain together several of the vulnerabilities to locally elevate privileges and take control of an iOS device. The AVE kernel extension itself presented little impediment.