POC for 0-day CVE-2023-28206 Flaw Affecting macOS & iOS Published


Last week, Apple released security updates addressing two newly discovered zero-day vulnerabilities (CVE-2023-28205 and CVE-2023-28206) that were being actively exploited against its products. Today, security researcher @LinusHenze published a proof-of-concept (PoC) exploit for the CVE-2023-28206 flaw, revealing an out-of-bounds memory move in IosaColorManagerMSR8::getHDRStats_gatedContext.

This critical vulnerability poses a significant risk to Apple macOS Ventura and iOS/iPadOS users, as it enables a local attacker to gain elevated privileges on the system. The flaw stems from an out-of-bounds write in the IOSurfaceAccelerator, allowing a malicious actor to execute arbitrary code with kernel privileges using a specially crafted application.

The IOSurface framework, commonly employed to enhance security, provides a framebuffer object that can be shared across process boundaries. It allows applications to offload complex image decompression and drawing tasks into a separate process. IOSurfaceAccelerator, an object within the IOSurface framework, manages hardware-accelerated transfers and scaling between IOSurfaces.

Apple said it addressed CVE-2023-28206 with improved input validation, adding that it is aware the bugs “may have been actively exploited.”

Clément Lecigne of Google’s Threat Analysis Group and Donncha Ó Cearbhaill of Amnesty International’s Security Lab are credited with discovering the vulnerabilities. Apple users are urged to update their devices as soon as possible to protect themselves against potential exploitation.

As the PoC for CVE-2023-28206 becomes public, users must remain vigilant and prioritize device updates.