Apple iCloud, Android Nvidia driver N-day exploit details revealed

Kernels can be exploited and iCloud account user information leaked due to the security flaws.
Written by Charlie Osborne, Contributing Writer

Zimperium has publicly released the details of security vulnerabilities affecting both the Android and iOS mobile operating systems.

The three N-day security flaws, which are bugs that are already known -- unlike zero-days -- were all patched earlier this year.

However, revealing the technical details to the general public, after first sharing the information with Zimperium's Handset Alliance (ZHA) -- of which Samsung, Telstra, and BlackBerry are members, among others -- will hopefully prompt handset vendors to ensure patches released by Apple and Google are rolled out quickly, if they have not already been made available.

The first flaw, which at the time of writing has not been issued a CVE number, is an information disclosure issue which impacts Apple's iCloud storage service. Affecting iOS version 10.3 and below, the vulnerability occurs due to a lack of sandbox checks.

The XPC service com.apple.coreservices.appleid.authentication could be accessed by any application on iOS and attackers could exploit the issue by sending a message containing a "command" key to the service. If the value was set to 0x130, 0x500, or 0x510, information about the user's iCloud was exposed, such as phone numbers, names, and the device serial number, as well as all emails associated with the iCloud account.

The second vulnerability, CVE-2016-2434, is a privilege escalation bug resolved in an Android security bulletin earlier this month.

The security flaw, which impacts Android 6.0.1 on Nexus 9 devices, allows attackers to use a crafted application connected to the NVIDIA nvhost-vic driver to escalate their privileges and write arbitrary code in the kernel.

The third and final security flaw, CVE-2016-3857, is another privilege escalation issue on the Android platform. Affecting Huawei MT7-UL00 and Nexus 7 devices running Android 6.0 and below, the bug occurs in the Android function 'sys_oabi_epoll_wait.'

If events are set to a kernel address, the lack of validation can lead to an arbitrary kernel write.
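The missing validation described for CVE-2016-3857 is a range check on a caller-supplied destination pointer. The user-space model below is an added example, not code from Zimperium or the Android kernel; it contrasts a handler that accepts any destination with one that rejects ranges reaching the kernel. `USER_LIMIT`, `EVENT_REC_SIZE`, `MODEL_EFAULT` and all function names are assumptions made for the model, and the addresses are constructed.

```c
#include <stdbool.h>
#include <stdint.h>
#include <stdio.h>

/* Assumptions for this model (not taken from the article): a 32-bit address
 * space whose user portion ends at USER_LIMIT, and 12-byte event records. */
#define USER_LIMIT     0xBF000000u
#define EVENT_REC_SIZE 12u
#define MODEL_EFAULT   14

/* True only if [addr, addr + count * size) lies wholly below USER_LIMIT. */
static bool user_range_ok(uint32_t addr, int count, uint32_t size)
{
    if (count <= 0 || size == 0)
        return false;
    uint64_t len = (uint64_t)count * size;   /* 64-bit product cannot wrap */
    if (len > USER_LIMIT)
        return false;
    return addr <= USER_LIMIT - (uint32_t)len; /* avoids addr + len overflow */
}

/* Flawed shape: the destination is used without any range check. Returns the
 * number of records the handler would write to events_addr. */
static int wait_unchecked(uint32_t events_addr, int maxevents)
{
    (void)events_addr;
    return maxevents > 0 ? maxevents : -1;
}

/* Hardened shape: reject the call before anything is written. */
static int wait_checked(uint32_t events_addr, int maxevents)
{
    if (!user_range_ok(events_addr, maxevents, EVENT_REC_SIZE))
        return -MODEL_EFAULT;
    return maxevents;
}

int main(void)
{
    /* Constructed inputs: user buffer, kernel address, wrap-around address. */
    const uint32_t addrs[] = { 0x10000000u, 0xC0008000u, 0xFFFFFFF0u };
    for (unsigned i = 0; i < 3; i++)
        printf("%#010x unchecked=%d checked=%d\n", (unsigned)addrs[i],
               wait_unchecked(addrs[i], 4), wait_checked(addrs[i], 4));
    return 0;
}
```

The check compares against `USER_LIMIT - len` rather than computing `addr + len`, so a destination near the top of the address space cannot wrap around and pass.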

In April, Zimperium released the technical details of bugs affecting the Nvidia Video driver and MSM Thermal driver on the Android mobile platform.
