{"uuid": "de04da4c-9d7a-4ca3-94d6-68f32c2dcbe0", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "2a075640-a300-48a4-bb44-bc6130783b9b", "vulnerability": "CVE-2021-30883", "type": "exploited", "source": "https://t.me/IOSAppSec/149", "content": "\ud83e\udd76 Bindiff and POC for the IOMFB vulnerability, iOS 15.0.2 \ud83e\udd76\n\nIn the last iOS security update (15.0.2) Apple fixed a vulnerability in IOMobileFrameBuffer/AppleCLCD, which they specified was exploited in the wild (CVE-2021-30883). This attack surface is highly interesting because it\u2019s accessible from the app sandbox (so it\u2019s great for jailbreaks) and many other processes, making it a good candidate for LPE exploits in chains (WebContent, etc.).\n\nTherefore, I decided to take a quick look, bindiff the patch, and identify the root cause of the bug. After bindiffing and reversing, I saw that the bug is great, and I decided to write this short blog post, which I hope you\u2019ll find helpful. I really want to publish my bindiff findings as close to the patch release as possible, so there will be no full exploit here; however, I did manage to build a really nice and stable POC that results in a great panic at the end :)\n\nSorry in advance for any English mistakes, I prioritized time over grammar (good thing we have automatic spell checkers :P).\n\nURL: https://saaramar.github.io/IOMFB_integer_overflow_poc/\n\n#IOSAppSec #IOS #Hacking #Tools #Learning", "creation_timestamp": "2021-10-18T10:38:46.000000Z"}