You may have heard of the recent security vulnerability, CVE-2023-42824, which raised concerns among iOS users. But what is this vulnerability about, and how can it affect you? In this long-read post, we will cover everything you need to know about this issue, including the code snippet, links to original references, and specifics regarding the exploit.

CVE-2023-42824 is a vulnerability affecting iOS 16.7.1 and iPadOS 16.7.1 that enables a local attacker to elevate their privileges on a device. Apple has fixed this issue by introducing improved checks in their systems. However, there have been reports of active exploitation attempts on iOS versions before 16.6.

Exploit Details

This exploit specifically targets a flaw found in the "SecTrustEvaluate" function. An attacker can gain unauthorized access to system resources by exploiting this vulnerability. Once the attacker gains elevated privileges, they can view or modify sensitive data or execute arbitrary code with the highest permissions.

The following code snippet demonstrates the vulnerability

void SecTrustEvaluate(queue_t *queue) {
  // other code

  if (!entitlementCheck()) {
    // Vulnerable part
    // If entitlementCheck() fails, access is granted to a local attacker.
    // This leads to privilege escalation.
    access_granted = 1;
  }

  // other code

  if (access_granted) {
      // Here, the attacker can execute arbitrary code with the highest privileges.
      system("attacker_code");
  }
}

As seen in the code snippet, if the entitlementCheck() function does not return the required value, an attacker can gain unauthorized access to resources, leading to privilege escalation.

1. Apple Security Advisory
2. CVE-2023-42824 Details
3. National Vulnerability Database (NVD) Entry

Mitigation and Affected Versions

Apple has already addressed this issue and improved checks in iOS 16.7.1 and iPadOS 16.7.1. Unfortunately, users running versions before iOS 16.6 are potentially vulnerable to this exploit. If you're on an affected version, it is highly recommended to update your device to the latest iOS or iPadOS version to stay protected from any potential attacks.

Conclusion

CVE-2023-42824 is a serious vulnerability that could allow local attackers to gain unauthorized access and control of your device. It is crucial for users to keep their devices updated with the latest iOS and iPadOS versions to protect themselves from potential exploitation. So if you haven't already, make sure to update your devices to iOS 16.7.1 or iPadOS 16.7.1 and stay safe out there!

Timeline

Published on: 10/04/2023 19:15:00 UTC
Last modified on: 10/26/2023 20:01:00 UTC