Preface: A race condition vulnerability typically occurs when two or more threads or processes access the same shared data and attempt to modify it at the same time, so the outcome depends on the order in which they run. Applications can become vulnerable to race conditions if they interact with other applications that use parallel processing or multiple threads.
Background: A process describes an individual running instance of a program. It has its own memory, which it does not share with other programs. A process can run code in multiple separate threads. These threads can run code independently of each other.
In Linux, a process is an instance of executing a program or command. While these processes exist, they’ll be in one of the five possible states:
- Running or Runnable (R)
- Uninterruptible Sleep (D)
- Interruptible Sleep (S)
- Stopped (T)
- Zombie (Z)
Ref: Zombie processes are already dead, so they cannot be killed; they can only be reaped, which has to be done by their parent process via wait*(). This is usually called the child reaper idiom, in the signal handler for SIGCHLD.
When a child process stops or terminates, SIGCHLD is sent to the parent process. The default response to the signal is to ignore it. The signal can be caught and the exit status from the child process can be obtained by immediately calling wait(2) and wait3(3C). This allows zombie process entries to be removed as quickly as possible.
Vulnerability details: A race condition was addressed with improved state handling.
Available for: iPhone 8 and later, iPad Pro (all models), iPad Air 3rd generation and later, iPad 5th generation and later, and iPad mini 5th generation and later
Impact: An app may be able to gain root privileges
Official announcement: About the security content of iOS 16.5 and iPadOS 16.5. Please refer to the link – https://support.apple.com/en-us/HT213757