Apple products vulnerable to FORCEDENTRY zero-day attack – patch now! - Naked Security

Sep 14, 2021

Canadian privacy and cybersecurity activist group The Citizen Lab just announced a zero-day security hole in Apple’s iPhone, iPad and Macintosh operating systems.

The Citizen Lab report coincides with Apple’s own security bulletin HT21807, which credits Citizen Lab for reporting the hole, and says simply:

Although Citizen Lab specifically claims that the phone it examined was infected via an iMessage communication, Apple’s bulletin describes this PDF-handling bug as existing in the Core Graphics system component, which implies that the vulnerability is not limited to the iMessage app.

This is the same class of flaw as the infamous Y2K bug, where programs that used two digits to store the year would compute the year that followed 1999 as 99+1 = 100, using this as a “shortcut” instead of calculating 1999+1 = 2000 in full.

Of course, with only two digits to store the answer, the result would lose the leading 1-digit denoting “one hundred years”, and wrap back round to 00, causing the time and date at the stroke of midnight to shoot backwards by a century instead of advancing by just one second.

But if the programmer forgot to specify a 32-bit number for the number of pixels needed (width × height), and out of habit allocated another 16-bit integer for the result, then even an image of, say, 1000×1000 pixels would cause serious trouble.

The product of 1000×1000 should come out at 1,000,000 pixels, or 0xF4240 in hexadecimal, but that number requires 20 bits (5 hexadecimal digits) to store in full, which is more than a 16-bit integer can hold. The result is an integer overflow.

If that answer gets shoehorned into a 16-bit integer, the 0xF at the start of the number gets discarded, leaving just four hex digits (16 bits), so the computed “image size” wraps around to 0x4240 in hex, like an old-school car speedo that’s gone past 99,999 kilometres and started again from zero.
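
The 1000×1000 case above, worked through in C as an added example (not code from the original article or from Apple): the 16-bit pixel count wraps to 0x4240, while a 32-bit computation with an upper bound either yields 0xF4240 or rejects the image. The function names and the `max_pixels` limit are illustrative assumptions.

```c
#include <stdint.h>
#include <stdio.h>
#include <stdlib.h>

/* The flawed habit from the text: the pixel count is stored in 16 bits,
   so any product above 0xFFFF silently loses its high bits. */
uint16_t pixel_count_truncated(uint16_t width, uint16_t height)
{
    return (uint16_t)((uint32_t)width * height);
}

/* Checked version: multiply in 32 bits and refuse empty or oversized images.
   Returns 1 and writes *out on success, 0 if the image must be rejected.
   max_pixels is a hypothetical policy limit chosen by the caller. */
int pixel_count_checked(uint16_t width, uint16_t height,
                        uint32_t max_pixels, uint32_t *out)
{
    /* Two 16-bit factors give at most 0xFFFE0001, which fits in 32 bits. */
    uint32_t n = (uint32_t)width * (uint32_t)height;
    if (n == 0 || n > max_pixels)
        return 0;
    *out = n;
    return 1;
}

/* Allocate one byte per pixel only after the size check has passed. */
uint8_t *alloc_image(uint16_t width, uint16_t height, uint32_t max_pixels)
{
    uint32_t n;
    if (!pixel_count_checked(width, height, max_pixels, &n))
        return NULL;
    return calloc(n, 1);
}

int main(void)
{
    uint32_t n = 0;
    printf("truncated: 0x%X\n", (unsigned)pixel_count_truncated(1000, 1000));
    if (pixel_count_checked(1000, 1000, 1u << 24, &n))
        printf("checked:   0x%X\n", (unsigned)n);
    uint8_t *img = alloc_image(1000, 1000, 1u << 24);
    printf("allocation %s\n", img ? "ok" : "rejected");
    free(img);
    return 0;
}
```
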

This second zero-day hole was found in Apple’s web rendering software, WebKit, which forms the heart of the built-in Safari browser on all Apple operating systems.

We have no idea whether the two bugs in this story are related – the Citizen Lab report mentions only CVE-2021-30860, and the WebKit CVE-2021-30858 flaw is credited simply to “an anonymous researcher”.

Summarized by 365NEWSX ROBOTS
