

In a blog post, Trellix outlined its findings on the Foundation flaw, which include “a large new class of bugs that allow bypassing code signing to execute arbitrary code in the context of several platform applications, leading to escalation of privileges and sandbox escape on both macOS and iOS.” The bug originates from the so-called FORCEDENTRY Sandbox Escape flaw that exploited Apple’s NSPredicate class and was patched in September.

CVE-2023-23531: Austin Emmitt, Senior Security Researcher at Trellix ARC.

CVE-2023-23530: Austin Emmitt, Senior Security Researcher at Trellix ARC.

Description: The issue was addressed with improved memory handling.

Impact: An app may be able to execute arbitrary code out of its sandbox or with certain elevated privileges.

Description: A race condition was addressed with additional validation.

Impact: A user may be able to read arbitrary files as root.

Available for: iPhone 8 and later, iPad Pro (all models), iPad Air 3rd generation and later, iPad 5th generation and later, and iPad mini 5th generation and later macOS Ventura.
