CVE-2023-41060: Type Confusion Vulnerability Fixed in macOS Sonoma 14, iOS 17, and iPadOS 17

CVE-2023-41060 is a type confusion vulnerability that affects earlier versions of macOS, iOS, and iPadOS. If exploited, it could allow a remote user to execute kernel-level code on a target device, potentially giving them full control over it. This post covers the details of the vulnerability, a code snippet illustrating the issue, and references for further information, and then outlines the steps to protect your devices from possible exploitation.

Vulnerability Details (CVE-2023-41060)

The type confusion vulnerability addressed in this update is related to insufficient checks for specific object types in the macOS, iOS, and iPadOS kernels. An attacker who can exploit this vulnerability can cause arbitrary code execution in the kernel, potentially compromising the target device. This could lead to data loss or leakage, unauthorized access, or the installation of malicious software.

The issue has been fixed in macOS Sonoma 14, iOS 17, and iPadOS 17 with improved checks in place to prevent such type confusion.

Code Snippet Example

The following simplified user-space C snippet illustrates the effect a type confusion can have on a function pointer. It is an illustration of the bug class, not the kernel code affected by CVE-2023-41060:

#include <stdio.h>
#include <stdlib.h>

typedef struct {
    char name[20];
    void (*func)(void);
} Object;

void malicious_function() {
    printf("Kernel code execution!\n");
}

void harmless_function() {
    printf("Harmless function called.\n");
}

int main() {
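    Object *obj1 = calloc(1, sizeof(Object));
    Object *obj2 = calloc(1, sizeof(Object));
    if (obj1 == NULL || obj2 == NULL) {
        free(obj1);
        free(obj2);
        return 1;
    }

    obj1->func = harmless_function;
    obj2->func = malicious_function;

    // Stand-in for the type confusion: obj1 is overwritten with obj2's
    // contents, including its function pointer:
    *obj1 = *obj2;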

    // Call the function pointer, which now points to the malicious function:
    obj1->func();

    free(obj1);
    free(obj2);

    return 0;
}

In the example above, two objects of the same type are created, one of which points to a malicious function, while the other points to a harmless function. Due to the type confusion vulnerability, an attacker can make the object pointing to the harmless function execute the malicious function instead.
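
The kind of "improved check" that prevents this class of bug, as an added example (not Apple's code and not part of the original post): two hypothetical object types share a tagged header, and the dispatcher verifies the tag before casting. All names (obj_hdr, text_obj, handler_obj, dispatch, unchecked_target) are assumptions, and the 0x41 fill is constructed sample input.

```c
#include <stddef.h>
#include <stdint.h>
#include <stdio.h>
#include <string.h>

/* Hypothetical layouts: every object starts with a type tag. */
enum obj_type { OBJ_TEXT = 1, OBJ_HANDLER = 2 };

struct obj_hdr     { uint32_t type; };
struct text_obj    { struct obj_hdr hdr; char data[16]; };     /* caller-controlled bytes */
struct handler_obj { struct obj_hdr hdr; int (*func)(void); }; /* trusted callback */

static int real_handler(void) { return 42; }

/* Checked downcast: NULL unless the tag matches the requested type. */
static struct handler_obj *as_handler(struct obj_hdr *o) {
    if (o == NULL || o->type != OBJ_HANDLER)
        return NULL;
    return (struct handler_obj *)o;
}

/* Dispatcher that rejects a confused object instead of calling through it. */
int dispatch(struct obj_hdr *o) {
    struct handler_obj *h = as_handler(o);
    if (h == NULL || h->func == NULL)
        return -1;                     /* wrong type or no callback */
    return h->func();
}

/* The bytes an unchecked cast would have treated as the call target.
 * Read-only view via memcpy; the value is never called. */
uintptr_t unchecked_target(const struct text_obj *t) {
    uintptr_t p = 0;
    memcpy(&p, (const char *)t + offsetof(struct handler_obj, func), sizeof p);
    return p;
}

int main(void) {
    struct text_obj t = { { OBJ_TEXT }, { 0 } };
    struct handler_obj h = { { OBJ_HANDLER }, real_handler };
    memset(t.data, 0x41, sizeof t.data);   /* constructed sample input */
    printf("unchecked cast would call %#lx\n", (unsigned long)unchecked_target(&t));
    printf("checked dispatch: text=%d handler=%d\n",
           dispatch(&t.hdr), dispatch(&h.hdr));
    return 0;
}
```

Without the tag check in as_handler, the text object's data bytes would be used as the callback address; with it, the text object is rejected and only the genuine handler runs.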

For more information about the CVE-2023-41060 vulnerability, visit the following resources:

* Original Advisory
* National Vulnerability Database (NVD) Entry

Protecting Your Devices

To protect your devices from this vulnerability, it is recommended to update to the latest versions of macOS, iOS, and iPadOS.

For iPadOS, open Settings > General > Software Update and install iPadOS 17.

By updating your devices to the latest version, you can ensure that the type confusion vulnerability has been patched, and your devices will be protected against potential exploitation.

Conclusion

The discovery of the CVE-2023-41060 type confusion vulnerability highlights the importance of continuously updating your devices to the latest software versions. By remaining vigilant and applying software updates as necessary, you can mitigate the risk associated with this and other vulnerabilities, keeping your devices secure and protecting your sensitive data.

Timeline

Published on: 01/10/2024 22:15:49 UTC
Last modified on: 01/16/2024 23:51:58 UTC