|
The iPhone Wiki is no longer updated. Visit this article on The Apple Wiki for current information. |
Difference between revisions of "CVE-2021-30773"
m |
m |
||
| (One intermediate revision by one other user not shown) | |||
| Line 17: | Line 17: | ||
This seems unlikely to be related to "code signature validation". |
This seems unlikely to be related to "code signature validation". |
||
| + | It turns out the bug is only present in arm64e, which is why diffing arm64 binaries didn't find anything... |
||
| − | It's all weird enough that it's even possible that Apple screwed up the vulnerability description, |
||
| − | and 30773 is either unrelated to code signing or unrelated to IDS. |
||
| − | This vulnerability is apparently used in [https://twitter.com/LinusHenze/status/1437481492708532226 |
+ | This vulnerability is apparently used in [[Fugu14]]. <ref>https://twitter.com/LinusHenze/status/1437481492708532226</ref> |
| − | |||
| − | Research continues... |
||
[[Category:Exploits]] |
[[Category:Exploits]] |
||
Latest revision as of 16:11, 10 March 2022
|
This exploit article is a "stub", an incomplete page. Please add more content to this article and remove this tag. |
In July 2021, Apple released iOS 14.7, and the security notes mention:
- Identity Service
- Available for: iPhone 6s and later, iPad Pro (all models), iPad Air 2 and later, iPad 5th generation and later, iPad mini 4 and later, and iPod touch (7th generation)
- Impact: A malicious application may be able to bypass code signing checks
- Description: An issue in code signature validation was addressed with improved checks.
- CVE-2021-30773: Linus Henze (pinauten.de)
Diffing 14.6 and 14.7 shows no changes in IDS frameworks,
and the only change in the identityservicesd daemon is in
IDSIDStatusQueryController, methods _loadCache and _saveCache.
This seems unlikely to be related to "code signature validation".
It turns out the bug is only present in arm64e, which is why diffing arm64 binaries didn't find anything...
