Skip to main content

Security Lacking in Previous AppleAVEDriver iOS Kernel Extension

posted onAugust 27, 2017
by l33tdawg

An obscure Apple kernel extension patched in July in iOS 10.3.3 was originally built without security measures in place, according to the researcher who privately disclosed the flaws.

Today at the Hack in the Box security conference in Singapore, Zimperium zLabs’ Adam Donenfeld was scheduled to disclose details on seven flaws he found in the AppleAVEDriver.kext, a video encoder kernel extension, as well as another critical issue in the IOSurface.kext.

Donenfeld said he was able to chain together several of the vulnerabilities in order to locally elevate privileges and control an iOS device. There wasn’t much of an impediment from the AVE kernel extension.




You May Also Like

Recent News

Thursday, May 17th

Monday, May 14th

Tuesday, May 8th

Saturday, May 5th

Thursday, May 3rd

Wednesday, May 2nd

Tuesday, May 1st

Friday, April 27th