Potential Risk of CVE

About CVE-2023-28205 and CVE-2023-28206: Hunter, hunting apple design weakness (12th Apr 2023)

Leave a comment

Preface: memcpy() function is is used to copy a specified number of bytes from one memory to another. memmove() function is used to copy a specified number of bytes from one memory to another or to overlap on same memory.

Background: WebKit is the part of Apple’s browser engine that sits underneath absolutely all web rendering software on Apple’s mobile devices.
Found use-after-free and input validation issue in apple iOS ,macOS and Safari software product. Proof of concept released to public shown the design weakness.
A proof-of-concept (PoC) exploit for the CVE-2023-28206 flaw,  revealing an out-of-bounds memory move in IosaColorManagerMSR8::getHDRStats_gatedContext.
CVE-2023-28206: IOSurfaceAccelerator – An app may be able to execute arbitrary code with kernel privileges. Apple is aware of a report that this issue may have been actively exploited.
CVE-2023-28205: WebKit – Processing maliciously crafted web content may lead to arbitrary code execution. Apple is aware of a report that this issue may have been actively exploited.
Ref: WebKit is a browser engine developed by Apple and primarily used in its Safari web browser, as well as all web browsers on iOS and iPadOS.

Vulnerability details:
CVE_2023-28205: A use after free issue was addressed with improved memory management. This issue is fixed in iOS 15.7.5 and iPadOS 15.7.5, Safari 16.4.1, iOS 16.4.1 and iPadOS 16.4.1, macOS Ventura 13.3.1. Processing maliciously crafted web content may lead to arbitrary code execution. Apple is aware of a report that this issue may have been actively exploited.

CVE-2023-28206: An out-of-bounds write issue was addressed with improved input validation. This issue is fixed in iOS 15.7.5 and iPadOS 15.7.5, macOS Monterey 12.6.5, iOS 16.4.1 and iPadOS 16.4.1, macOS Big Sur 11.7.6, macOS Ventura 13.3.1. An app may be able to execute arbitrary code with kernel privileges. Apple is aware of a report that this issue may have been actively exploited.

Official announcement – For details, please refer to the link – https://support.apple.com/en-us/HT213720

Leave a Reply

Your email address will not be published. Required fields are marked *

This site uses Akismet to reduce spam. Learn how your comment data is processed.