A buffer overflow in the XNU kernel
CVE-2024-27815 is a buffer overflow bug in the XNU kernel affecting macOS, iOS, and visionOS. Apple swiftly released xnu-10063.121.3 to fix the issue, which affects kernels built with CONFIG_MBUF_MCACHE. The bug allows attackers to trigger a crash by copying data beyond the allocated space.
CVE-2024-27815 is a buffer overflow bug in the XNU kernel affecting macOS, iOS, and visionOS. The issue, found in sbconcat_mbufs, was introduced in xnu-10002.1.13 and fixed in xnu-10063.121.3. The bug affects kernels built with CONFIG_MBUF_MCACHE. The PoC code TURPENTINE.c triggers the overflow by copying data beyond the allocated space, potentially leading to a crash. Apple swiftly responded by releasing xnu-10063.121.3 with the fix. The bug's timeline includes its disclosure in early 2024 and subsequent fixes in macOS 14.5 and iOS 17.5. The fix corrects the comparison in sbconcat_mbufs, ensuring the proper handling of data lengths. The bug allows an attacker to control specific fields in the mbuf's header, potentially causing a general protection fault in the kernel. The proof of concept demonstrates the vulnerability by overwriting the m_hdr of the next mbuf in memory. Apple's security advisories provide further details on the issue and its resolution.
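The class of defect described above, a length comparison that ignores how much of a fixed-size mbuf data area is already in use, modelled as an added example; the struct, names, sizes and functions are simplified assumptions and are not XNU's real definitions or its sbconcat_mbufs code.

```c
/* Constructed model of appending to an mbuf chain; struct layout, MLEN and
 * the function names are assumptions for illustration, not XNU's own code. */
#include <stdbool.h>
#include <stddef.h>
#include <stdint.h>
#include <string.h>

#define MLEN 32u                 /* inline data area size in this model */

struct mbuf {
    struct mbuf *m_next;         /* next buffer in the chain */
    uint32_t     m_len;          /* bytes of valid data in m_dat */
    uint8_t      m_dat[MLEN];    /* inline data; the next mbuf's header follows in memory */
};

/* Free bytes after the existing data (what a trailing-space macro expresses). */
static size_t trailing_space(const struct mbuf *n) { return MLEN - n->m_len; }

/* Flawed comparison: checks the incoming length against the whole data area and
 * ignores how much is already used, so a partly full buffer accepts data that
 * would be copied past m_dat onto whatever sits next in memory. */
bool fits_flawed(const struct mbuf *n, size_t len) { (void)n; return len <= MLEN; }

/* Correct comparison: the incoming length must fit in the remaining space. */
bool fits_correct(const struct mbuf *n, size_t len) { return len <= trailing_space(n); }

/* Append m's data to the chain tail: copy into the tail only when it fits,
 * otherwise link m as a new node. Returns true when the data was merged. */
bool concat_mbufs(struct mbuf *tail, struct mbuf *m) {
    if (fits_correct(tail, m->m_len)) {
        memcpy(tail->m_dat + tail->m_len, m->m_dat, m->m_len);
        tail->m_len += m->m_len;
        m->m_len = 0;            /* m is now empty and can be released */
        return true;
    }
    tail->m_next = m;            /* no copy, so nothing can spill past m_dat */
    return false;
}
```

With the tail 24 bytes full, `fits_flawed` accepts a 16-byte append that `fits_correct` rejects; the difference is exactly the bytes that would land on the neighbouring header.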
Related
Spending 3 months investigating a 7-year old bug and fixing it in 1 line of code
A developer fixed a seven-year-old bug in an iPad accessory causing missed MIDI messages by optimizing a modulo operation. The bug's resolution improved the audio processor's efficiency significantly.
The First Spatial Computing Hack
Ryan Pickren found a Safari bug letting websites flood a user's space with 3D objects. Apple fixed it (CVE-2024-27812) in June after Ryan's report. The bug exploited Apple AR Kit Quick Look, launching objects without consent.
Vulnerability in Popular PC and Server Firmware
Eclypsium found a critical vulnerability (CVE-2024-0762) in Intel Core processors' Phoenix SecureCore UEFI firmware, potentially enabling privilege escalation and persistent attacks. Lenovo issued BIOS updates, emphasizing the significance of supply chain security.
I found an 8 years old bug in Xorg
An 8-year-old Xorg bug related to epoll misuse was found by a picom developer. The bug caused windows to disappear during server lock, traced to CloseDownClient events. Despite limited impact, the developer seeks alternative window tree updates, emphasizing testing and debugging tools.
Arbitrary shell command evaluation in Org Mode (GNU Emacs)
A vulnerability in Emacs Org mode allowed arbitrary shell command execution. A fix in Emacs 29.4 and Org 9.7.5 prevents unsafe code evaluation in link abbreviations, advising users to apply the patch.
Also, this has been public for months:
- February 17, 2024: I posted the hash of TURPENTINE.c to X on Feb 17, 2024.
- May 13, 2024: macOS Sonoma 14.5 (23F79) shipped with xnu-10063.121.3, the first public release containing a fix.