[HN Gopher] AirBorne: Wormable zero-click remote code execution ...
___________________________________________________________________
AirBorne: Wormable zero-click remote code execution (RCE) in
AirPlay protocol
Author : throw0101a
Score : 44 points
Date : 2025-04-29 13:09 UTC (9 hours ago)
(HTM) web link (www.oligo.security)
(TXT) w3m dump (www.oligo.security)
| throw0101a wrote:
| CVE-2025-24252 and CVE-2025-24132 are two examples. Doing a
| search for "Oligo" in release notes gives various other results,
| e.g.,
|
| * https://support.apple.com/en-ca/122374
|
| Apple fixed their stuff, but third-parties who used their SDK
| will have to issue updates as well.
| abhisek wrote:
| Very curious about the exploitation of CVE-2025-24252, a use-
| after-free (UAF) using which they achieved zero-click RCE on
| macOS. This is in spite of ASLR and heap exploitation mitigations
| in place to mitigate such vulnerability classes.
|
| https://security.apple.com/blog/towards-the-next-generation-...
| hammock wrote:
| On ASLR: you might use the UAF to access memory regions you
| shouldn't have access to. By reading the contents, you can
| potentially leak pointers to a critical library (e.g., libc),
| allowing you to calculate the offsets to bypass ASLR.
|
| On heap protection: if you spray the heap with predictable data
| patterns you can improve your chance of landing a useful
| address, even with ASLR in place.
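The chain hammock sketches (stale pointer -> read old contents -> leak a code pointer -> rebase by a static offset -> spray same-size chunks so the stale pointer now reads attacker data) as an added, self-contained C model. This is editor-written example code, not from the thread, from Oligo, or from Apple, and it says nothing about how CVE-2025-24252 was actually exploited. The allocator, the `struct widget` object, and the two "library" functions are all constructed for the illustration; the toy heap reuses the most recently freed slot deterministically, which is the assumption that makes the run reproducible, whereas on a real heap reuse is only probable and that probability is what spraying raises.

```c
/* Constructed model of UAF -> info leak -> ASLR bypass -> heap spray -> hijack.
 * Toy allocator and "library" are invented for this example; nothing here
 * describes the real AirPlay bug. */
#include <stdint.h>
#include <stdio.h>
#include <string.h>

/* ---- constructed toy heap: fixed-size slots, LIFO free list (tcache-like) ---- */
#define SLOT_SIZE 32
#define NSLOTS    64
static unsigned char heap[NSLOTS * SLOT_SIZE];   /* zero-initialised backing store */
static int free_stack[NSLOTS];
static int free_top = 0;
static int bump = 0;

static void *toy_malloc(void) {
    if (free_top > 0)                             /* reuse the most recently freed slot */
        return &heap[free_stack[--free_top] * SLOT_SIZE];
    if (bump < NSLOTS)
        return &heap[bump++ * SLOT_SIZE];
    return NULL;
}

static void toy_free(void *p) {
    /* like most production allocators, contents are NOT wiped on free */
    free_stack[free_top++] = (int)(((unsigned char *)p - heap) / SLOT_SIZE);
}

/* ---- stand-in for a shared library whose load base ASLR randomises ---- */
struct widget {
    void (*on_event)(struct widget *);            /* vtable-like function pointer */
    char  name[SLOT_SIZE - sizeof(void *)];
};

static int hijacked = 0;
static void lib_on_event(struct widget *w)    { printf("legit handler for %s\n", w->name); }
static void lib_gadget(struct widget *w)      { (void)w; hijacked = 1; }  /* attacker's target */

/* What the attacker knows statically (from disassembling the library): the
 * distance between two functions in the same image. ASLR shifts the whole
 * image, so this delta survives randomisation. */
static intptr_t known_delta(void) {
    return (intptr_t)((uintptr_t)lib_gadget - (uintptr_t)lib_on_event);
}

/* Returns 1 if control flow was redirected to lib_gadget, 0 otherwise. */
static int run_chain(void) {
    /* 1. victim code allocates an object whose handler points into the library */
    struct widget *victim = toy_malloc();
    victim->on_event = lib_on_event;
    strcpy(victim->name, "session-object");

    /* 2. the bug: the object is freed but `victim` is still used later (UAF) */
    toy_free(victim);

    /* 3. attacker gets a same-size allocation that lands in the stale slot and
     *    reads it back: the old code pointer is still there -> info leak */
    unsigned char *peek = toy_malloc();
    void (*leaked)(struct widget *);
    memcpy(&leaked, peek, sizeof leaked);
    if (leaked != lib_on_event)
        return 0;                                 /* slot not reused; chain fails */

    /* 4. ASLR bypass: one leaked pointer + static delta = any other function
     *    in the same image */
    void (*target)(struct widget *) =
        (void (*)(struct widget *))((uintptr_t)leaked + known_delta());
    toy_free(peek);

    /* 5. heap spray: many same-size chunks carrying a fake object whose first
     *    field is the computed target; on a real heap this raises the odds that
     *    whichever chunk the dangling pointer aliases now holds our data */
    unsigned char fake[SLOT_SIZE];
    memset(fake, 'A', sizeof fake);
    fake[SLOT_SIZE - 1] = '\0';
    memcpy(fake, &target, sizeof target);
    for (int i = 0; i < 16; i++) {
        unsigned char *chunk = toy_malloc();
        if (!chunk) break;
        memcpy(chunk, fake, SLOT_SIZE);
    }

    /* 6. the stale pointer is used: the dispatch goes wherever the spray put it */
    victim->on_event(victim);
    return hijacked;
}

int main(void) {
    printf("chain %s\n", run_chain() ? "succeeded: control flow redirected" : "failed");
    return 0;
}
```

The defensive reading of the same model: step 3 fails if the allocator zeroes chunks on free or quarantines them, step 4 fails if the leaked value is a signed or otherwise unforgeable pointer rather than a raw address, and step 6 fails if the dispatch validates the pointer before calling it; those are the kinds of mitigations abhisek's question is about.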
| rubatuga wrote:
| Good thing I'm still on macOS 12
| slama wrote:
| macOS 12 is EOL and is no longer receiving security updates.
|
| There's a strong chance it's vulnerable, too.
___________________________________________________________________
(page generated 2025-04-29 23:01 UTC)