iPhone owners urgently need to update their operating systems, after security researchers revealed that last week’s release of iOS 16.5 and iPadOS 16.5 patches an additional security vulnerability that potentially exposes mobile users to a new class of attack, one that takes advantage of co-processors to access the kernel.
The vulnerability, known as ColdInvite (CVE-2023-27930), follows a previously mitigated vulnerability dubbed ColdIntro (CVE-2022-32894). Both vulnerabilities enable attackers to escape the secure “island environment” of a co-processor (co-processors are chips that help the main processor complete tasks more quickly). Attackers can use these chips to access the iPhone’s kernel, which is an essential part of the device’s operating system.
Apple released an initial patch for ColdIntro in August 2022 via iOS 15.6.1. Upon analyzing the patch, security specialist Jamf Threat Labs discovered that it addressed the exploitability of the vulnerability but did not immediately address the underlying co-processor issue. Because Apple rewrote large parts of the co-processor software in later OS versions, Jamf Threat Labs told me they suspect the problem is no longer an issue.
In the process of analyzing ColdIntro, however, a Jamf Threat Labs researcher discovered a flaw that he called ColdInvite. ColdInvite allows an attacker to escape from a shared process and initiate memory corruption in the Application Processor (AP), a potentially critical building block in an exploit chain.
Jamf Threat Labs reported ColdInvite, which affects iPhone 12 and later models, to Apple, and it was patched in iOS 16.5 and iPadOS 16.5. This allowed the researcher to publicly reveal the discovery today.
A Jamf Threat Labs researcher, who preferred to remain anonymous, warned me: “This is a new type of attack, which can be very dangerous… We expect that more co-processor attacks and escaping vulnerabilities will appear in the future.”
While news like this is likely to cause concern to iPhone and iPad owners, it’s worth noting that Apple has already taken proactive steps to increase the security of its devices with the release of new Rapid Security Response updates. These are custom security patches that can be quickly released and installed on iPhone, iPad, and Mac devices with minimal disruption to the user experience.
Security patches in Rapid Security Response builds were also later added to iOS updates (iOS 16.5 contains two patches from the iOS 16.4.1 (a) Rapid Security Response), so Apple leaves nothing to chance. However, the weak link can still be the end user, so iPhone and iPad owners need to be more proactive than ever in updating their devices.