About a month after Apple released iOS 16.3 and macOS 13.2, it detailed additional security fixes that came with the updates. Now Trellix, the team that found two of those flaws for iOS and macOS, has revealed more about how it discovered what it calls a “large new class of bugs.” While the new exploits were quickly patched by Apple, Trellix says it’s “still exploring” a “huge range” of potential vulnerabilities that could put messages, photos, location data, and more at risk on iPhone and Mac.
Earlier this week, Apple updated its security page to list three flaws patched in iOS 16.3 that it hadn’t previously detailed. As it turns out, two of those are being classified by security firm Trellix as a “new class of bugs” that can execute arbitrary code outside of the sandbox in iOS.
Senior researcher Austin Emmitt at Trellix detailed how his team discovered the new type of flaw with an in-depth blog post (via Macworld).
Interestingly, the history goes back several years to 2021, when FORCEDENTRY, a 0-click remote attack that used a two-part exploit, was leveraged to install the Pegasus malware. When details surfaced of how it worked, Emmitt and his team focused their research on how it was able to bypass the iOS sandbox.
Part 1 described the initial exploitation of PDF parsing code and Part 2 laid out the sandbox escape. While much attention was given to the first exploit, we were much more interested in the second as it described a way to dynamically execute arbitrary code in another process which completely sidestepped code signing. It involved NSPredicate, an innocent-looking class that allows developers to filter lists of arbitrary objects. In reality the syntax of NSPredicate is a full scripting language. The ability to dynamically generate and run code on iOS had been an official feature this whole time. However, this was just the beginning, as this feature revealed an entirely new bug class that completely breaks inter-process security in macOS and iOS.
As it turns out, there was a project earlier in 2021 that exploited the mechanics of NSPredicate, “See No Eval” by CodeColorist. Since then, Apple had released patches to fix those exploits, but in its research, Trellix discovered new ways to bypass Apple’s fixes.
These mitigations used a large denylist to prevent the use of certain classes and methods that could clearly jeopardize security. However, we discovered that these new mitigations could be bypassed. By using methods that had not been restricted, it was possible to empty these lists, enabling all the same methods that had been available before. This bypass was assigned CVE-2023-23530 by Apple. Even more significantly, we discovered that nearly every implementation of NSPredicateVisitor could be bypassed.
The first flaw that Trellix found in the new class of bugs was in coreduetd, “a process that collects data about behavior on the device.” Here’s how it works:
An attacker with code execution in a process with the proper entitlements, such as Messages or Safari, can send a malicious NSPredicate and execute code with the privileges of this process. This process runs as root on macOS and gives the attacker access to the user’s calendar, address book, and photos. A very similar issue with the same impact also affects contextstored, a process related to CoreDuet. This result is similar to that of FORCEDENTRY, where the attacker can use a vulnerable XPC service to execute code from a process with more access to the device.
The appstored (and appstoreagent on macOS) daemons also possess vulnerable XPC Services. An attacker with control over a process that can communicate with these daemons could exploit these vulnerabilities to gain the ability to install arbitrary applications, potentially even including system apps.
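The denylist bypass quoted above (CVE-2023-23530) and the vulnerable XPC services in coreduetd, contextstored and appstored share the same shape: a privileged daemon evaluates an NSPredicate handed to it by a less-privileged caller. The Objective-C below is an added example, not code from Trellix’s post or from Apple, showing the allowlist approach a defender would use in such a service instead of a denylist of dangerous selectors: the predicate tree is walked and anything other than comparisons over a fixed set of key paths and plain constants is refused, and only then is -allowEvaluation called on the securely decoded predicate. FileRecord, FileQueryService and the key-path allowlist are hypothetical; NSPredicate, NSExpression, NSComparisonPredicate and NSXPCInterface are Foundation API.

```objectivec
#import <Foundation/Foundation.h>

// Hypothetical model object that a filtering XPC service exposes to clients.
@interface FileRecord : NSObject
@property (nonatomic, copy) NSString *name;
@property (nonatomic, assign) NSInteger size;
@end
@implementation FileRecord
@end

// Hypothetical XPC protocol: the client sends a predicate, the service filters.
@protocol FileQueryService
- (void)filterWithPredicate:(NSPredicate *)predicate
                      reply:(void (^)(NSArray<FileRecord *> *))reply;
@end

// Properties a client-supplied predicate is permitted to reference (assumed).
static NSSet<NSString *> *AllowedKeyPaths(void) {
    return [NSSet setWithObjects:@"name", @"size", nil];
}

// Allowlist walk over an NSExpression tree. Only plain constants, allowlisted
// key paths, SELF, and aggregates of those pass. Function, block, variable,
// subquery and set expressions are the routes to arbitrary method calls, so
// they fall through to the default branch and are rejected.
static BOOL ExpressionIsAllowed(NSExpression *expr) {
    switch (expr.expressionType) {
        case NSConstantValueExpressionType: {
            id v = expr.constantValue;
            return v == nil || [v isKindOfClass:[NSString class]] ||
                   [v isKindOfClass:[NSNumber class]];
        }
        case NSKeyPathExpressionType:
            return [AllowedKeyPaths() containsObject:expr.keyPath];
        case NSEvaluatedObjectExpressionType:
            return YES;
        case NSAggregateExpressionType: {
            id collection = expr.collection;
            if (![collection isKindOfClass:[NSArray class]]) return NO;
            for (id sub in (NSArray *)collection) {
                if (![sub isKindOfClass:[NSExpression class]] || !ExpressionIsAllowed(sub)) return NO;
            }
            return YES;
        }
        default:
            return NO;
    }
}

// Allowlist walk over the predicate tree itself.
static BOOL PredicateIsAllowed(NSPredicate *pred) {
    if ([pred isKindOfClass:[NSCompoundPredicate class]]) {
        for (NSPredicate *sub in ((NSCompoundPredicate *)pred).subpredicates) {
            if (!PredicateIsAllowed(sub)) return NO;
        }
        return YES;
    }
    if ([pred isKindOfClass:[NSComparisonPredicate class]]) {
        NSComparisonPredicate *cmp = (NSComparisonPredicate *)pred;
        // A custom-selector comparison is an arbitrary method call; refuse it.
        if (cmp.predicateOperatorType == NSCustomSelectorPredicateOperatorType) return NO;
        return ExpressionIsAllowed(cmp.leftExpression) && ExpressionIsAllowed(cmp.rightExpression);
    }
    // Unknown or private NSPredicate subclasses (including TRUEPREDICATE) are refused.
    return NO;
}

// Service-side handling of a predicate that arrived over NSXPC with secure
// coding. A securely decoded predicate refuses to evaluate until
// -allowEvaluation is called, so validate first, then unlock, then evaluate.
static NSArray<FileRecord *> *FilterRecords(NSArray<FileRecord *> *records, NSPredicate *clientPredicate) {
    if (!PredicateIsAllowed(clientPredicate)) {
        NSLog(@"rejected client predicate: %@", clientPredicate);
        return @[];
    }
    [clientPredicate allowEvaluation];
    return [records filteredArrayUsingPredicate:clientPredicate];
}

// Interface setup: restrict the decoded argument to NSPredicate so the XPC
// decoder will not instantiate other classes for that parameter.
static NSXPCInterface *MakeInterface(void) {
    NSXPCInterface *iface = [NSXPCInterface interfaceWithProtocol:@protocol(FileQueryService)];
    [iface setClasses:[NSSet setWithObject:[NSPredicate class]]
          forSelector:@selector(filterWithPredicate:reply:)
        argumentIndex:0
              ofReply:NO];
    return iface;
}

int main(void) {
    @autoreleasepool {
        (void)MakeInterface();
        // Constructed sample predicates: the first is the only one that should pass.
        NSPredicate *ok          = [NSPredicate predicateWithFormat:@"name BEGINSWITH 'a' AND size > 10"];
        NSPredicate *badKeyPath  = [NSPredicate predicateWithFormat:@"owner.secret == 'x'"];
        NSPredicate *badVariable = [NSPredicate predicateWithFormat:@"size > $limit"];
        NSExpression *fn = [NSExpression expressionForFunction:@"sum:"
                                                     arguments:@[[NSExpression expressionForKeyPath:@"size"]]];
        NSPredicate *badFunction = [NSComparisonPredicate predicateWithLeftExpression:fn
                                        rightExpression:[NSExpression expressionForConstantValue:@5]
                                               modifier:NSDirectPredicateModifier
                                                   type:NSGreaterThanPredicateOperatorType
                                                options:0];
        NSLog(@"ok=%d keyPath=%d variable=%d function=%d",
              PredicateIsAllowed(ok), PredicateIsAllowed(badKeyPath),
              PredicateIsAllowed(badVariable), PredicateIsAllowed(badFunction));
        FileRecord *r = [FileRecord new]; r.name = @"archive"; r.size = 42;
        NSLog(@"matches=%lu", (unsigned long)FilterRecords(@[r], ok).count);
    }
    return 0;
}
```

The design choice is the inverse of the denylist approach the quoted passage describes: rather than enumerating the selectors and classes an attacker must not reach, the walker names the handful of expression kinds the service needs and refuses everything else, so a newly discovered unrestricted method does not reopen the hole. On a real service the allowlist would be derived from the model’s actual filterable properties, and the reply class set would also need configuring for the record type.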
The researchers also found more vulnerabilities in the same class of bugs “that could be accessed by any app, with no entitlements necessary.” One of those was able to “read potentially sensitive information from the syslog” and another could “achieve code execution inside of SpringBoard, a highly privileged app that can access location data, the camera and microphone, call history, photos, and other sensitive data, as well as wipe the device.”
Emmitt says he’s thankful to Apple for quickly fixing the flaws his team discovered. But while anyone who has installed iOS 16.3 and macOS 13.2 is safe against the two specific flaws discovered, Emmitt shared that the “two techniques opened a huge range of potential vulnerabilities that we are still exploring.”
For all the technical details, check out the full post-mortem from Austin Emmitt.