CVE-2023-23514: An app may be able to execute arbitrary code with kernel privileges (19th Feb 2023)

Preface: iOS 16 is the sixteenth and current major release of the iOS mobile operating system developed by Apple for its iPhone line of products. It was announced at the company’s Worldwide Developers Conference (WWDC) on June 6, 2022, as the successor to iOS 15.

Background: Use-after-free is still a common bug class because the task of manually identifying them, especially in large and complex codebases is a challenge. If program does not clear the pointer after freeing memory allocation. It is possible to encounter use-after-free vulnerability.
An attacker can use UAFs to pass arbitrary code or a reference to it. To a program and navigate to the beginning of the code by using a dangling pointer.

Vulnerability details: An app may be able to execute arbitrary code with kernel privileges. A use after free issue was addressed with improved memory management.

Official announcement: For customers’ protection, Apple doesn’t disclose, discuss, or confirm security issues until an investigation has occurred and patches or releases are available. Recent releases are listed on the Apple security updates page.
For details, see the link – https://support.apple.com/en-us/HT213635

Leave a Reply

Your email address will not be published. Required fields are marked *

This site uses Akismet to reduce spam. Learn how your comment data is processed.