Skip to main content

Security Lacking in Previous AppleAVEDriver iOS Kernel Extension

posted onAugust 27, 2017
by l33tdawg

An obscure Apple kernel extension patched in July in iOS 10.3.3 was originally built without security measures in place, according to the researcher who privately disclosed the flaws.

Today at the Hack in the Box security conference in Singapore, Zimperium zLabs’ Adam Donenfeld was scheduled to disclose details on seven flaws he found in the AppleAVEDriver.kext, a video encoder kernel extension, as well as another critical issue in the IOSurface.kext.

Donenfeld said he was able to chain together several of the vulnerabilities in order to locally elevate privileges and control an iOS device. There wasn’t much of an impediment from the AVE kernel extension.

Source

Tags

HITB HITBGSEC Security

You May Also Like

Recent News

Tuesday, November 19th

Friday, November 8th

Friday, November 1st

Tuesday, July 9th

Wednesday, July 3rd

Friday, June 28th

Thursday, June 27th

Thursday, June 13th

Wednesday, June 12th

Tuesday, June 11th