Apple fixed hundreds of bugs, 223 to be exact, across a slate of products including macOS Sierra, iOS, Safari, watchOS, and tvOS on Monday.
More than a quarter of the bugs, 40 in macOS Sierra, and 30 in iOS, could lead to arbitrary code execution – in some instances with root privileges, Apple warned.
The lion’s share of the vulnerabilities patched Monday, 127 in total, were fixed in the latest version of macOS Sierra, 10.12.4.
Ian Beer, a researcher with Google’s Project Zero group, uncovered seven of the vulnerabilities, including six that could have enabled an application to execute arbitrary code with kernel privileges. South Korean hacker Jung Hoon Lee, perhaps better known in hacking circles by his handle Lokihardt, is credited with finding two vulnerabilities as well – one in the kernel and one in WebKit. Lokihardt, a veteran of Pwn2Own competitions, joined Project Zero in December 2016.
The update also fixed a memory corruption issue that stemmed from how certificates were parsed. The bug, technically a use-after-free vulnerability, existed in the X.509 certificate validation functionality present in macOS and iOS. According to Aleksandar Nikolic, a researcher with Cisco’s Talos Security Intelligence and Research Group who found the bug, an attacker with a specially crafted X.509 certificate could have triggered it and carried out remote code execution. Nikolic claims a victim could be tricked in several ways: a user could be served a malicious cert via a website, the Mail app could connect to a mail server that contains a malicious cert, or the user could open a malicious cert to import into the keychain.
Talos claims it verified that the most recent versions of macOS Sierra, 10.12.3, and iOS, 10.2.1, are vulnerable. Older versions of the operating systems are likely affected too, the firm claims.
Apple was targeted multiple times over the course of Pwn2Own. Hackers with Qihoo’s 360 Security also exploited Safari with an integer overflow, and escalated to root through a macOS kernel use-after-free on the second day. The team also used an info leak and race condition in the macOS kernel to exploit the operating system. Judging from Apple’s advisory, none of the bugs appear to be fixed yet.
Source: Threatpost