0day Today Exploits Market and 0day Exploits Database

NSKeyedUnarchiver - Info Leak in Decoding SGBigUTF8String Exploit

Author: Google Security Research
Risk: Medium
0day-ID: 0day-ID-33125
Category: dos / poc
Date added: 15-08-2019
CVE: CVE-2019-8663
Platform: multiple
There is an info leak when decoding the SGBigUTF8String class using [SGBigUTF8String initWithCoder:]. This class initializes the string using [SGBigUTF8String initWithUTF8DataNullTerminated:], even though there is no guarantee that the bytes handed to the decoder are null-terminated. It should use [SGBigUTF8String initWithUTF8Data:] instead.

While this class is included in iMessage, it is more likely that this bug could be useful in local attacks.
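As an added illustration, not part of this advisory or of the CoreSuggestions framework, the class below shows the length-bounded decoding shape the advisory recommends: the bytes returned by decodeBytesForKey:returnedLength: are copied using the returned length rather than scanned for a NUL. SafeUTF8String, the "utf8" key and initWithUTF8Data: are names invented for this example.

```objectivec
#import <Foundation/Foundation.h>

// Hypothetical class for illustration only; not the real SGBigUTF8String.
@interface SafeUTF8String : NSObject <NSSecureCoding>
@property (nonatomic, readonly, copy) NSString *value;
- (instancetype)initWithUTF8Data:(NSData *)data;
@end

@implementation SafeUTF8String
+ (BOOL)supportsSecureCoding { return YES; }

// Length-bounded: never reads past data.length; nil (decode fails) on invalid UTF-8.
- (instancetype)initWithUTF8Data:(NSData *)data {
    if ((self = [super init])) {
        _value = [[NSString alloc] initWithData:data encoding:NSUTF8StringEncoding];
        if (_value == nil) return nil;
    }
    return self;
}

- (instancetype)initWithCoder:(NSCoder *)coder {
    NSUInteger len = 0;
    // The pointer refers to the archive's own buffer and nothing guarantees a trailing
    // NUL, so a strlen()-style constructor would over-read (the advisory's bug).
    const uint8_t *bytes = [coder decodeBytesForKey:@"utf8" returnedLength:&len];
    if (bytes == NULL) {
        [coder failWithError:[NSError errorWithDomain:NSCocoaErrorDomain
                                                 code:NSCoderReadCorruptError userInfo:nil]];
        return nil;
    }
    return [self initWithUTF8Data:[NSData dataWithBytes:bytes length:len]];
}

- (void)encodeWithCoder:(NSCoder *)coder {
    NSData *d = [self.value dataUsingEncoding:NSUTF8StringEncoding];
    [coder encodeBytes:d.bytes length:d.length forKey:@"utf8"];
}
@end

// Round-trip through NSKeyedArchiver/NSKeyedUnarchiver with secure coding required.
int main(void) {
    @autoreleasepool {
        NSError *err = nil;
        SafeUTF8String *s = [[SafeUTF8String alloc]
            initWithUTF8Data:[@"héllo" dataUsingEncoding:NSUTF8StringEncoding]];
        NSData *archive = [NSKeyedArchiver archivedDataWithRootObject:s
                                                requiringSecureCoding:YES error:&err];
        SafeUTF8String *back = [NSKeyedUnarchiver unarchivedObjectOfClass:[SafeUTF8String class]
                                                                 fromData:archive error:&err];
        NSLog(@"decoded: %@ error: %@", back.value, err);
    }
    return 0;
}
```

Build with `clang -fobjc-arc -framework Foundation safe.m -o safe`; decoding fails cleanly (nil plus an error) rather than leaking memory when the archived bytes are unterminated or not valid UTF-8.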

To reproduce this issue:

1) Compile decodeleak.m

clang -o decodeleak -g decodeleak.m -fobjc-arc -framework CoreSuggestionsInternals -F/System/Library/PrivateFrameworks

2) Run:

./decodeleak obj

Leaked memory will be printed to the screen.


Proof of Concept:
https://github.com/offensive-security/exploitdb-bin-sploits/raw/master/bin-sploits/47257.zip

#  0day.today [2024-12-24]  #