item 45577921

devttyeu|4 months ago
And after all that hardcore engineering work is done, iMessage still has code paths leading to dubious code running in the kernel, enabling 0-click exploits to still be a thing.

  aprotyas|4 months ago
  That's one way to look at it, but if perfection is the only goal post then no one would ever get anywhere.

  unknown|4 months ago
  [deleted]

  wat10000|4 months ago
  What's the dubious code? Running something in the kernel is unavoidable if you want to actually show stuff to the user.

    michaelt|4 months ago
    In ~2020, it was:
    Attacker sends an iMessage containing a PDF.
    iMessage, like most modern messaging apps, displays a preview - which means running the PDF loader.
    The PDF loader has support for the obsolete-but-part-of-the-PDF-standard image codec 'JBIG2'.
    Apple's JBIG2 codec has an exploitable bug, giving the attacker remote code execution on the device.
    This exploit was purchased by NSO, who sold it to a bunch of middle eastern dictatorships who promptly used it on journalists.
    https://googleprojectzero.blogspot.com/2021/12/a-deep-dive-i...

  walterbell|4 months ago
  Disable iMessage via Apple Configurator MDM policy and enable Lockdown Mode.

    Citizen8396|4 months ago
    I imagine the latter is sufficient.
    PS: make sure you remove that pesky "USB accessories while locked allowed" profile that Configurator likes to sneak in.
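The profile walterbell and Citizen8396 are talking about can be checked mechanically rather than by eye. The script below is an added example written for this thread, not Apple's tooling and not anything from the commenters: it audits a constructed `.mobileconfig` (XML plist) for the two Restrictions keys involved, `allowChat` (false disables the Messages app on a supervised device) and `allowUSBRestrictedMode` (false is the "USB accessories while locked allowed" setting), and strips the latter so the device falls back to Apple's default. It assumes the standard Restrictions payload type `com.apple.applicationaccess`; the sample profile, its identifiers and UUIDs are made up. Lockdown Mode is a per-device user setting and is not represented in this payload, so it is not checked here.

```python
"""Audit an Apple configuration profile for the Restrictions keys discussed above.

Added example, not Apple's or the thread's code. Assumes the Restrictions
payload type com.apple.applicationaccess; the profile below is constructed.
"""
import plistlib

RESTRICTIONS_TYPE = "com.apple.applicationaccess"

# Constructed sample profile: disables Messages (allowChat=false) but also
# carries the weakening key that lets USB accessories talk to a locked device.
SAMPLE_PROFILE = b"""<?xml version="1.0" encoding="UTF-8"?>
<!DOCTYPE plist PUBLIC "-//Apple//DTD PLIST 1.0//EN" "http://www.apple.com/DTDs/PropertyList-1.0.dtd">
<plist version="1.0">
<dict>
  <key>PayloadType</key><string>Configuration</string>
  <key>PayloadIdentifier</key><string>example.restrictions</string>
  <key>PayloadUUID</key><string>00000000-0000-0000-0000-000000000001</string>
  <key>PayloadVersion</key><integer>1</integer>
  <key>PayloadContent</key>
  <array>
    <dict>
      <key>PayloadType</key><string>com.apple.applicationaccess</string>
      <key>PayloadIdentifier</key><string>example.restrictions.1</string>
      <key>PayloadUUID</key><string>00000000-0000-0000-0000-000000000002</string>
      <key>PayloadVersion</key><integer>1</integer>
      <key>allowChat</key><false/>
      <key>allowUSBRestrictedMode</key><false/>
    </dict>
  </array>
</dict>
</plist>
"""


def restriction_payloads(profile_bytes):
    """Yield every Restrictions payload dict found in the profile."""
    profile = plistlib.loads(profile_bytes)
    for payload in profile.get("PayloadContent", []):
        if payload.get("PayloadType") == RESTRICTIONS_TYPE:
            yield payload


def audit_profile(profile_bytes):
    """Return a list of (severity, message) findings for the profile."""
    findings = []
    for payload in restriction_payloads(profile_bytes):
        ident = payload.get("PayloadIdentifier", "<no identifier>")
        # Weak setting: accessories may connect while the device is locked.
        if payload.get("allowUSBRestrictedMode") is False:
            findings.append(("high", f"{ident}: allowUSBRestrictedMode=false "
                                     "(USB accessories allowed while locked)"))
        # Informational: the Messages app is disabled on this supervised device.
        if payload.get("allowChat") is False:
            findings.append(("info", f"{ident}: allowChat=false (Messages app disabled)"))
    return findings


def harden_profile(profile_bytes):
    """Return profile bytes with the USB-while-locked weakening removed.

    Dropping the key rather than setting it to true restores Apple's default
    behaviour instead of pinning a value in the profile.
    """
    profile = plistlib.loads(profile_bytes)
    for payload in profile.get("PayloadContent", []):
        if payload.get("PayloadType") == RESTRICTIONS_TYPE:
            payload.pop("allowUSBRestrictedMode", None)
    return plistlib.dumps(profile)


if __name__ == "__main__":
    for severity, message in audit_profile(SAMPLE_PROFILE):
        print(f"[{severity}] {message}")
    print("after hardening:", audit_profile(harden_profile(SAMPLE_PROFILE)))
```

Point `audit_profile` at the bytes of a real exported profile to see the same findings; the severity of the USB finding is the one worth gating a deployment on.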
  mikevm|4 months ago
  [deleted]

  kmeisthax|4 months ago
  Why would a nation-state actor need access to your kernel when all the juicy stuff[0] is in the iMessage process it's already loaded into?
  [0] https://xkcd.com/1200/