I tried to find a bug in iOS 9.2 on all platforms, i.e. iPod, iPhone and iPad. After a few tries I found a buffer overflow bug which causes a boot loop on the iPhone; the bug affects the processor with the help of the keyboard. The keyboard does not work when we try to type anything in a text message or any other app, and we cannot even access the lock screen to unlock the phone. These effects come from the processor, so all of them occur together. And that boot loop never stops until the iPhone's total power is drained.
While testing, I first opened the notepad and wrote characters (emoji symbols) using the emoji keyboard. While writing those characters, up to some length everything stays normal and the keys also work properly on the keyboard. But when I tried to write more, and also when I tried to copy all of those characters, the processor could not handle the string which I loaded into the processor with the help of the copy option. That string is handled by the processor to copy the information to some other area. So at that time the bug occurs, and then that bug starts the boot loop. I tried many ways to test this with the security lock as well: while trying to touch any key to unlock the phone, it restarts the OS again (it keeps occurring continuously, like a loop).
I also tried without the security lock. At that time, when I used any app with the help of the keyboard, the bug again started the boot loop. So this buffer overflow starts from the keyboard, which is handled by the processor from kernel-level memory. I tested all the apps which are enabled with the keyboard: whenever I tried to open any kind of app that has the keyboard as input, this bug occurred, e.g. Messages, FaceTime, Notes, the search bar, Reminders, Mail, even while dialling in the Phone app, and other private apps too (WhatsApp, Viber, Skype, etc.). This buffer overflow affects the keyboard and the processor from the kernel-level memory layout. The processor cannot handle heavy strings of 20,000 to 20,500 characters (40 KB or even 80 KB in size). You can check the PoC.
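As an added, defender-side illustration that is not part of the original post, the following Python measures a pasted string under the different counts an input-size guard should consider, using a constructed 20,000-emoji sample; the 64 KiB limit is an assumed policy value, not anything Apple publishes.

```python
"""Input-size guard for pasted text (added example, not from the post).

The post describes the crashing paste as roughly 20,000 to 20,500 characters
occupying 40 KB or 80 KB. Emoji live outside the Basic Multilingual Plane, so
each one costs 2 UTF-16 code units (4 bytes) and 4 UTF-8 bytes. A guard that
only counts "characters" under-estimates the memory a paste will occupy.
"""

MAX_PASTE_BYTES = 64 * 1024  # assumed policy limit for this example only


def text_sizes(text: str) -> dict:
    """Return the size of `text` under every measure a guard might use."""
    utf16 = text.encode("utf-16-le")
    return {
        "code_points": len(text),          # what Python's len() reports
        "utf16_units": len(utf16) // 2,    # what NSString.length-style APIs report
        "utf16_bytes": len(utf16),
        "utf8_bytes": len(text.encode("utf-8")),
    }


def paste_allowed(text: str, limit: int = MAX_PASTE_BYTES) -> bool:
    """Accept a paste only if its largest in-memory representation fits."""
    sizes = text_sizes(text)
    return max(sizes["utf16_bytes"], sizes["utf8_bytes"]) <= limit


# Constructed samples: 20,000 copies of one emoji (U+1F600 grinning face)
# versus 20,000 ASCII letters. Same code-point count, very different sizes.
EMOJI_PASTE = "\U0001F600" * 20_000
ASCII_PASTE = "a" * 20_000

if __name__ == "__main__":
    for name, sample in (("emoji", EMOJI_PASTE), ("ascii", ASCII_PASTE)):
        print(name, text_sizes(sample), "allowed:", paste_allowed(sample))
```

Run as a script it prints that the emoji paste is 80,000 bytes in both encodings and is rejected, while the ASCII paste of the same code-point count is accepted.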
So I reported it to the Apple security team with a proof-of-concept. They patched that vulnerability recently with the new update, iOS version 9.3.2, on all platforms. They mentioned my name in the security announcement and in the update details too, with the CVE ID CVE-2016-1790. You can check it on the Apple security SECURITY CHECK LIST.
Proof-of-Concept: