Tuesday, 17 May 2016

Buffer overflow vulnerability in iOS 9.3.1 and below

I tried to find a bug in iOS 9.2 on all platforms (iPod, iPhone, iPad). After a few tries I found a buffer overflow bug that causes a boot loop on the iPhone; it is triggered through the keyboard and affects the processor. The keyboard stops working when you try to type anything in a text message or any other app, and you cannot even use the lock screen to unlock the phone. All of these effects come from the processor. The boot loop never stops until the iPhone's battery is completely drained.

While testing, I first opened the notepad app and typed characters (emoji symbols) using the emoji keyboard. After typing for a while everything stayed normal and the keys on the keyboard still worked properly. But when I typed more and then tried to copy the entire string, the processor could not handle the string I loaded into it through the copy option (the copy operation hands the string to the processor to move it to another memory area). At that point the bug occurred and started the boot loop. I also tested this in many ways with the security lock enabled: touching any key to unlock the phone restarts the OS again, and it keeps happening continuously, like a loop.

I also tried it without a security lock. Whenever I used any app that takes keyboard input, the bug again started the boot loop. So this buffer overflow starts from the keyboard, which is handled by the processor from kernel-level memory. I tested every app that takes the keyboard as input, and the bug occurs whenever any such app is opened, e.g. Messages, FaceTime, Notes, the search bar, Reminders, Mail, even the dialer in the Phone app, and third-party apps too (WhatsApp, Viber, Skype, etc.). This buffer overflow affects the keyboard and the processor from the kernel-level memory layout. The processor cannot handle heavy strings of 20,000 to 20,500 characters (40 KB or 80 KB in size). You can check the PoC.
So I reported it to the Apple security team with a proof of concept. They patched the vulnerability recently in the new iOS 9.3.2 update on all platforms, and credited me in the security announcement and in the update details under CVE-2016-1790.
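As an added illustration (not code from the post), the following Python shows why a string of about 20,000 characters can weigh 40 KB or 80 KB depending on what the characters are: stored as UTF-16, a Basic Multilingual Plane character takes 2 bytes, an emoji outside the BMP takes 4, and a multi-code-point emoji takes more still. The 64 KB budget and the function names are assumptions for illustration; the defensive point is that a text-input or paste handler should bound input by encoded bytes in the encoding it actually stores, not by a character count.

```python
# Added example, not from the post: measure pasted emoji text the way a
# text-input handler should, in bytes of the target encoding, not characters.

MAX_PASTE_BYTES = 64 * 1024  # assumed buffer budget for pasted text (illustration)


def byte_sizes(text: str) -> dict:
    """Size of `text` as code points and in the encodings a text stack may use."""
    return {
        "code_points": len(text),
        "utf8": len(text.encode("utf-8")),
        "utf16": len(text.encode("utf-16-le")),  # 2 bytes per BMP char, 4 per astral char
        "utf32": len(text.encode("utf-32-le")),  # 4 bytes per code point
    }


def within_budget(text: str, budget: int = MAX_PASTE_BYTES,
                  encoding: str = "utf-16-le") -> bool:
    """Accept pasted text only if its encoded size fits the buffer budget.

    Checking len(text) would pass every sample below, since each is
    '20,000 characters' to the user; checking encoded bytes does not.
    """
    return len(text.encode(encoding)) <= budget


# Constructed sample inputs: 20,000 user-visible characters of three kinds.
LATIN_20K = "a" * 20000                   # BMP character: 2 bytes each in UTF-16
EMOJI_20K = "\U0001F600" * 20000          # U+1F600, outside the BMP: 4 bytes each
FAMILY = "\U0001F468\u200D\U0001F469\u200D\U0001F467"  # one family emoji = 5 code points
FAMILY_20K = FAMILY * 20000               # 16 bytes per visible character in UTF-16

if __name__ == "__main__":
    for name, sample in (("latin", LATIN_20K), ("emoji", EMOJI_20K), ("family", FAMILY_20K)):
        verdict = "fits" if within_budget(sample) else "REJECT"
        print(name, byte_sizes(sample), verdict)
```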

You can check it on the Apple SECURITY CHECK LIST.


Thank you guys and security researchers.