Difference between revisions of "CVE-2021-30773"

From The iPhone Wiki
Jump to: navigation, search
(Created page with "{{stub|exploit}} In July 2021, Apple released iOS 14.7, and the [https://support.apple.com/HT212601 security notes] mention: : '''Identity Service''' : : Available for: iPhon...")
 
m
 
(2 intermediate revisions by 2 users not shown)
Line 1: Line 1:
 
{{stub|exploit}}
 
{{stub|exploit}}
In July 2021, Apple released iOS 14.7, and the [https://support.apple.com/HT212601 security notes] mention:
+
In {{date|2021|07}}, Apple released iOS 14.7, and the [https://support.apple.com/HT212601 security notes] mention:
   
 
: '''Identity Service'''
 
: '''Identity Service'''
Line 17: Line 17:
 
This seems unlikely to be related to "code signature validation".
 
This seems unlikely to be related to "code signature validation".
   
  +
It turns out the bug is only present in arm64e, which is why diffing arm64 binaries didn't find anything...
It's all weird enough that it's even possible that Apple screwed up the vulnerability description,
 
and 30773 is either unrelated to code signing or unrelated to IDS.
 
   
This vulnerability is apparently used in [https://twitter.com/LinusHenze/status/1437481492708532226 Linus Henze's untethered jailbreak PoC].
+
This vulnerability is apparently used in [[Fugu14]]. <ref>https://twitter.com/LinusHenze/status/1437481492708532226</ref>
 
Research continues...
 
   
 
[[Category:Exploits]]
 
[[Category:Exploits]]

Latest revision as of 16:11, 10 March 2022

Tango Utilities-terminal.png This exploit article is a "stub", an incomplete page. Please add more content to this article and remove this tag.

In July 2021, Apple released iOS 14.7, and the security notes mention:

Identity Service
Available for: iPhone 6s and later, iPad Pro (all models), iPad Air 2 and later, iPad 5th generation and later, iPad mini 4 and later, and iPod touch (7th generation)
Impact: A malicious application may be able to bypass code signing checks
Description: An issue in code signature validation was addressed with improved checks.
CVE-2021-30773: Linus Henze (pinauten.de)

Diffing 14.6 and 14.7 shows no changes in IDS frameworks, and the only change in the identityservicesd daemon is in IDSIDStatusQueryController, methods _loadCache and _saveCache. This seems unlikely to be related to "code signature validation".

It turns out the bug is only present in arm64e, which is why diffing arm64 binaries didn't find anything...

This vulnerability is apparently used in Fugu14. [1]