This is used to prevent the kernel from dereferencing attacker-supplied pointers to data structures in userspace. The remaining vouchers on the page are freed and a zone garbage collection is forced, leaving a, : The dangling voucher is reallocated by an, is called to obtain a send right to a newly allocated voucher port for the voucher, which causes a pointer to the voucher port to be stored in the fake voucher overlapping the, property discloses the address of the voucher port. IPC Voucher UaF Remote Jailbreak Stage 2 (EN), : The kernel heap is groomed to put a block of, allocations directly before a block of pipe buffers. To avoid doing so, deduplication functions are implemented. When used with the MACH_VOUCHER_ATTR_REDEEM command user_data_get_value() fetches the value from a previous voucher (or from the forming one). Indeed if sync does not equals to elem->e_made, elem is not freed. February 13, 2021. Next we will look at some current iOS kernel exploit mitigations. The non-PAC exploit is substantially simpler (hijacking a function pointer used by, CVE-2019-8605 is a use-after-free due to XNU's. Furthermore, extensive use of PAC-protected pointers in IOKit has made it significantly harder to turn many bugs into useful primitives. When used with the MACH_VOUCHER_ATTR_USER_DATA_STORE command, a new user_data_element_t is created by user_data_get_value() unless a duplicate already exists. This fact also explain why we get the same voucher_t port when we create the same voucher twice. The vulnerable method is called once more to free the OOL ports and the slot is reallocated with another, buffer containing two pointers to the Mach port. As of May 2020, PPL has not been publicly bypassed. pointer to the subsequent page. So feel free to experiment with it. This seeks to mitigate exploits that hardcode addresses at which objects will be deterministically allocated. The Mach vouchers are not the most manifest concept of XNU, so let's start by giving a little introduction to them. The header contains a pointer to itself, disclosing the address of the replacement, allocation. For example, exploits in the past have used a kernel execute primitive in order to build a kernel read/write primitive (see e.g. This is because the increment is not atomic. Supported iOS 7.0 to 7.1b3 - all iDevices except ATV Decided to RE the kernel exploit of the jailbreak Not only the bug, but the techniques too! : CVE-2016-7644 is a race condition in XNU's. Before Kernel ASLR was implemented, the addresses of kernel functions and objects in the kernelcache image were always located at a fixed address. This gives a, controlled 240-byte out-of-bounds read/write primitive, is placed after the corrupted one and read in order to determine the address of the allocations. The general idea is that under normal operations, elem->e_made should match ivace->ivace_made. The port is checked to be of the expected type using the arbitrary read primitive. and kernel structures: Kernel ASLR Address Space Layout Randomization Defeat: DATE?? Exploiting the vulnerability required to understand and trigger another (legitimate) race condition. In-the-wild iOS Exploit Chain 5 - iOS 12.1.2, : The dangling voucher is reallocated by an OOL memory spray. Exploit flow: Still under analysis. The exploit can be used to take complete control of the kernel, which means it could also be useful for a jailbreak. which leads to a Mach port being over-released. But now there’s a new kernel exploit in town, and it impacts later iterations of iOS. Any exploit after iOS 10.3 needs to build a fake kernel task port instead. The exploit presented here is for PAC-enabled devices. It works by converting the bits in the PTE that typically directly specify the access permissions into an index into a special register containing the true access permissions; changing the register value swaps protections on all pages mapped with the same access permissions index. The fake socket is constructed to have a reference count of 0. A packet is sent and stored in the buffer, overflowing into a subsequent OOL ports array and inserting a pointer to a fake Mach port in userspace. According to tweets sent out by the the developer his exploit works on iPhone 11 Pro Max running on recently released iOS 13.6.1. Starting from the disclosed port pointer, kernel memory is read to find relevant kernel objects. Security researcher ModernPwner recently made public cicuta_virosa – a new kernel-level local privilege escalation exploit for iOS 14.3 and below operating systems. If you’re on iOS 14, stay on the lowest version possible. TL/DR: You have to race twice to exploit the bug, the PoC is at the end or there. Then, the data buffer is freed and reallocated with a modified version of the, , such that calling an external method on the modified user client will return the address of the kernel task read from the kernel's, segment. A mach voucher is a kernel object used to store and represent an immutable resource. A send right to the voucher port is retrieved by calling, and the voucher's reference count is increased by repeatedly calling the vulnerable function, updating the overlapping, pointer to point into the pipe buffers. The dangling port is then reallocated with pipe buffers and converted into a kernel read primitive using, . None of the exploits in this list are affected by the presence of stack canaries as they do not target stack buffer overflow vulnerabilities. This 3-argument arbitrary, is used to read and write arbitrary memory by calling, : iOS 10.3 introduced the initial form of. Therefore, it remains in the primary memory longer than necessary. It takes into account the command and the provided content or previous voucher to shape a forming voucher. But then, by looking at the code, it is not really obvious how this can be leveraged to reach a potential Use-After-Free situation. A large number of, objects are sprayed and the vulnerability is triggered to decrease the reference count on a voucher and free it. At the end of this post, we will briefly look at iOS kernel exploit mitigations (in both hardware and software) and how they map onto the techniques used in the exploits. The, object is freed and reallocated with controlled data using an, property spray. Focus on … Finally, the fake port is converted into a, In-the-wild iOS Exploit Chain 2 - IOSurface, : Mach ports are sprayed and a reference on one port is dropped using the vulnerability. That segment is freed and port B is reallocated with pipe buffers, giving a controlled fake Mach port at a known address. So far, we know that ivace->ivace_made is incremented in ivace_reference_by_value(). We spent some time figuring this out, and this blog post presents our results and a PoC to trigger the vulnerability. Receiving the OOL ports yields a, send right to a fake Mach port whose contents can be controlled directly, is called to insert a pointer to an array containing a pointer to another Mach port in the fake port's, field. The OOL ports array is reallocated with another, buffer, inserting pointers to the fake task ports sprayed earlier into the OOL ports array. : The vulnerability is a double-free reachable from. The This key is used to specify which attribute a function should work on, but more on that later. A common exploit primitive specific to iOS kernel exploitation is having a send right to a fake Mach port (struct. ) Each pointer is corrupted to point, allocation, creating 4096-byte holes spanning 2 messages. A recipe is made of a command, an attribute key and usually a content or a reference to a previous_voucher (but it could be both). is called on one of the dangling ports to disclose the address of the host port. Analysis and exploitation of the iOS kernel vulnerability CVE-2021-1782, Kubernetes namespaces isolation - what it is, what it isn't, life, universe and everything, https://github.com/synacktiv/CVE-2021-1782, The upper and generic voucher layer, responsible for the bookkeeping (counting and storing the reference) and the IPC (handling the userland/kerneland port translation). Zone garbage collection is forced by calling, and the page containing port A is reallocated with an OOL ports spray containing a pattern such that port A's, field overlaps a pointer to port B. A few days ago Apple released iOS 14.4, which mainly fixed security issues. The corrupted port is freed by calling, : A zone garbage collection is forced and the dangling port is reallocated with an OOL ports array containing a pointer to another Mach port overlapping the, field, so that the address of the other port is retrieved by calling, . The dangling port is reallocated with pipe buffers. In the voucher lingo, these different resources are referred as attributes. For todays' blog post we will only focus on the user_data type of voucher that is used to store... user data as plain text. cicuta_virosa makes use of greatest practices for iOS exploitation and will work with out issues on all units iOS 12.0 – 14.3 (and 14.3 RC). This frees the pipe buffer that was just allocated into that slot, leaving a, : The slot is reallocated again with a preallocated, . Now we can come back to the patch of user_data_get_value(). It would still be wise to save blobs just in case. The kernel exploit will only work on pre-A12 devices i.e. : The "LightSpeed" vulnerability (same as above). The target port is freed and a zone garbage collection is forced, leaving a dangling port pointer in the OOL ports array. by modifying page tables and injecting shellcode); instead, exploitation is achieved by modifying kernel data structures and performing code-reuse attacks instead. containing the fake port is freed and reallocated as a normal Mach port. This vulnerability was used as a part of an iOS exploit chain. Using this value, it is possible to guess the page on which the kernel task port lives. Well, let's see user_data_release_value() which is responsible for the release of user_data_element_t. Reading the special port from userspace gives a send right to the, In-the-wild iOS Exploit Chain 1 - AGXAllocationList2::initWithSharedResourceList heap overflow, : CVE-2017-2370 is a linear heap buffer overflow reachable from unprivileged contexts in XNU's, due to an attacker-controlled userspace pointer used as the length in a call to, : The vulnerable Mach trap is called to create a, allocation and immediately overflow out of it with controlled data, corrupting the, , which is the preallocated message for a Mach port, to believe that it has a larger capacity than it does, overlapping it with the first 240 bytes of the subsequent allocation. The fake port is converted into a fake task port and a kernel read primitive is established using, In-the-wild iOS Exploit Chain 4 - cfprefsd + ProvInfoIOKit. :). Apple iOS < 10.3.1 - Kernel. Donefeld created the fully chained iOS kernel exploit - which he dubbed ZIVA - by linking together the seven vulnerabilities he found in … A kernel read primitive is built by reallocating the, buffer to convert the fake port into a fake task port and calling, to read arbitrary memory. Most of the implementation of the vouchers is located in /osfmk/ipc/ipc_voucher.c source file. : The target 56-byte allocation is created and freed, leaving the dangling pointer intact. We will not cover everything, but we will try to give enough information to understand why an UaF is not simply reachable. and the page of dangling ports is reallocated with an out-of-line (OOL) ports array containing pointers to the host port. : The KASLR slide is discovered using the, buffers containing fake task ports are sprayed using, properties. Cox has confirmed that he will share the link when he releases details of the kernel exploit when he was asked if he will release the kernel bug on Twitter. Test Environment. of the iOS kernel's PAC-based CFI, PAC in the kernel is still an effective exploit mitigation: it has severely restricted exploitability of many bugs and killed some exploit techniques. It quickly became public information (@s1guza) that CVE-2021-1782 was due to a lack of locks in user_data_get_value() in the voucher implementation. and racing to free the buffer twice. With MACH_VOUCHER_ATTR_REDEEM, a user_data_element_t is reused. Here’s another interesting tidbit from the Chaos exploit writeup: The string buffer is freed and reallocated again with a fake task port sufficient to remap the string buffer into the process's address space. using kernel read/write to overwrite a userspace process's executable code). With the move to 64-bit, the address spaces were no longer separated. If the considered voucher had a value, it could either come from the, Thread 2: Create a new user_data voucher with, Thread 2 returns, providing the userland with a new. Although the kernel locks down the user land very tightly previous research has not focused on exploiting the iOS kernel. The exception message is received and the pipe is rewritten to convert the fake port into a kernel read primitive using, . APRR on its own does not provide any security boundaries, but it makes it possible to segment privilege levels inside a single address space. Preliminary results suggest that the freed, : The unc0ver exploit was released as an obfuscated binary; a more complete analysis of the exploit strategy and exploit flow will be released after the. Two weeks ago, CVE-2021-1782 was fixed by Apple. We have: Then we will try to do the following actions in a race: If everything triggers correctly we might have the sequence: It is worth pointing out that this second race is totally legitimate and not a bug in itself. Receiving the OOL ports in userspace gives a, receive right to a fake Mach port whose contents can be controlled directly, : A second Mach port is registered as a notification port on the fake port, disclosing the address of the second port in the fake port's, field. To do so, let's  consider the case where the vulnerability was triggered on user_data_element_t U0 associated with the ivac_entry_t IVAC0 on the voucher_t V0 Relevant kernel objects are located and the fake port is converted into a fake map port to remap the fake port into userspace, removing the need to reallocate it. However, the way the vouchers store their entries on that upper level is not really relevant to the study of CVE-2021-1782, so we will pass on it. Once the port is found, the hole is reallocated by spraying preallocated, structs and a message is placed in each. Analyzed by Ian Beer and Samuel Groß. This means that page tables no longer map kernel code pages as writable, and the kernel heap and stack are no longer mapped as executable. You have been forewarned. : The Mach port address disclosure primitive is used to disclose the address of the current task. and kernel structures: Kernel ASLR Address Space Layout Randomization Defeat: DATE?? Instead, that boundary occurs between conceptual layers in the exploit code. A page of ports is allocated and a specific port from that page is selected based on its address. For more details on how attributes manager are registered please see the code of ipc_register_well_known_mach_voucher_attr_manager(). It is similar to the Supervisor Mode Access Prevention (SMAP) feature on some Intel processors. Last, but not least, a control port (ipc_voucher_attr_control_t) is also linked with each attributes but this is out of this post's scope. The kernel heap is groomed into a pattern of alternating blocks for the zones of, freelist. The, buffer is freed and reallocated to convert one of the fake ports into a. : iOS versions up to 13.1.3 were vulnerable, but the exploit presented here targeted iOS 12.4.1. : A capability granted during an exploit that is reasonably generic. Clément Lecigne. Keywords: iOS kernel exploits, iOS, iphone, kernel exploitation, kernel heap feng shui 1 Introduction Papers about iPhone exploitation have concentrated on the generation of sophisticated user land payloads that can be used to attack jailbroken and factory iPhones. : (Analysis pending.) Indeed, by issuing two host_create_mach_voucher() and the command MACH_VOUCHER_ATTR_REDEEM, we might be able to "skip" an increment. CVE-2017-13865 is a vulnerability in XNU's. In-the-wild iOS Exploit Chain 2 - iOS 10.3.3. : Two Mach ports, port A and port B, are allocated as part of a spray. : The vulnerability is a race condition in XNU's UNIX domain socket bind implementation due to the temporary unlock antipattern that results in a use-after-free. it will not work on the iPhone XS, iPhone XS Max, or the iPhone XR. Finally, In-the-wild iOS Exploit Chain 5 - task_swap_mach_voucher, In-the-wild iOS Exploit Chain 4 - iOS 12.1.3. The description for PPL was updated to clarify that it primarily protects userspace processes, as the kernel's code is protected by KTRR. The exploit, dubbed 'cicuta_virosa', was … This issue affected XNU as early as 2013, and was reported by me to Apple on March 2019. It is used during a voucher creation, to get a user_data_element_t from that layer. CVE-2016-1719 . The arbitrary, primitive is used to free the pipe buffer for the other pipe, and the pipe buffer is reallocated by spraying OOL ports arrays. Thus, the Privileged Execute-Never (PXN) bit was set in page table entries to ensure that the kernel could not execute shellcode residing in userspace pages. iOS hacker @08Tc3wBB has announced that he has a kernel exploit that can potentially be used for a jailbreak. The dangling, is called to read 20 bytes of data from the address pointed to by, primitive: The vulnerability is triggered multiple times to create a number of dangling, The arbitrary Mach port address disclosure primitive: The vulnerability is triggered multiple times to create a number of dangling, are reallocated with an OOL ports array spray containing pointers to the target port. That is because there is 5120 bytes maximum (see mach_voucher_extract_attr_recipe_trap() and user_data_extract_content()). (Thanks to Brandon Azad (@_bazad) for the helpful iosurface.c !). This allocator uses the kalloc allocator under the hood, and will therefore a heap overflow of this object will … When speaking about Cloud, containers, orchestration and that kind of things, Kubernetes is the name that comes to mind. Beside, it turns out that the vulnerability is really stable and quick to trigger. The sysctls are overwritten such that reading the first sysctl calls, to update the function pointer and arguments for the second sysctl and reading the second sysctl uses the, gadget to call the kernel function with 3 arguments. This blog post aims to explain how an exploit is possible while providing a PoC. iOS 14.3 kernel LPE released for iOS 14.3. , modern public iOS kernel exploits usually work around KTRR by not manipulating KTRR-protected memory. ) Working around kernel heap randomization is a standard step of modern iOS kernel exploits. Also, many vulnerabilities can be leveraged to produce an information leak, disclosing the addresses of relevant kernel objects on the heap. hasn't been destroyed, for example because a process still holds a right to it). When the race is won, the double-free can cause the OOL ports array to be freed, and the subsequent spray can reallocate the slot with a fake OOL ports array. The last instance involved iOS & iPadOS 13.3.1 and transpired back in March. is an ARMv8.3-A security feature that mitigates pointer tampering by storing a cryptographic signature of the pointer value in the upper bits of the pointer. It was used after the Safari RCE (CVE-2020-27930) and the kernel memory disclosure (CVE-2020-27950). The inner layer specific to an attribute and handled by the attribute manager. ivace_next and ivace_index are indexes, used to retrieve the ivac_entry_t from different tables. Bypassing or working around KASLR is a standard step of all modern iOS kernel exploits. (turning a send right to a fake Mach port into an arbitrary kernel memory read primitive). A message is received on the Mach port in userspace, copying out the contents of the, object, from which the vtable is used to determine the KASLR slide. It is a strong form of W^X protection enforced by the MMU and the memory controller over a single span of contiguous memory covering the read-only parts of the kernelcache image and some sensitive data structures like top-level page tables and the trust cache. ... recently discovered in iOS after a … This changed the common structure of past exploits whereby a port would be freed while a process still held a right to it. The string buffer is freed and reallocated such that, can be used as a 4-byte arbitrary read primitive, with the target address to read updateable via, technique, but with slightly different constraints.) (Ensuring that non-code data is not mapped as executable is often called Data Execution Prevention, or DEP.). The fake port is next converted into a fake task port and a kernel read primitive is established using, In-the-wild iOS Exploit Chain 3 - XPC + VXD393/D5500 repeated IOFree, Vulnerability analysis and POC by Luca Moro (, ) at Synacktiv. Relevant kernel objects are located and a fake kernel task port is constructed in one of the pipe buffers. This necessarily means that PPL must also maintain total control over the page tables and prevent an attacker from mapping sensitive physical addresses, including page tables, page table metadata, and IOMMU registers. The exploit author stated that on iOS 14.3, kernel panics can occur due to Apple’s newly implemented exploit mitigations.