Skip to main content

Security Lacking in Previous AppleAVEDriver iOS Kernel Extension

posted onAugust 27, 2017
by l33tdawg

An obscure Apple kernel extension patched in July in iOS 10.3.3 was originally built without security measures in place, according to the researcher who privately disclosed the flaws.

Today at the Hack in the Box security conference in Singapore, Zimperium zLabs’ Adam Donenfeld was scheduled to disclose details on seven flaws he found in the AppleAVEDriver.kext, a video encoder kernel extension, as well as another critical issue in the IOSurface.kext.

Donenfeld said he was able to chain together several of the vulnerabilities in order to locally elevate privileges and control an iOS device. There wasn’t much of an impediment from the AVE kernel extension.

Source

Tags

HITB HITBGSEC Security

Recent News

Tuesday, November 14th

Sunday, November 12th

Friday, November 10th

Wednesday, November 8th

Monday, November 6th