Vulnerability in Apple iOS, iPad OS and MacOS could lead to disclosure of sensitive memory data

Cisco Talos recently discovered an out-of-bounds read vulnerability in Apple’s macOS and iOS operating systems that could lead to the disclosure of sensitive memory content. An attacker could capitalize on that information to aid in the exploitation of other vulnerabilities

This vulnerability specifically exists in the DDS image parsing functionality of Apple’s ImageIO library that exists in its desktop and mobile operating systems.

TALOS-2021-1414 (CVE-2021-30939) occurs if an attacker tricks a user into opening a specially crafted, malicious file. An attacker could exploit this vulnerability to leak the target’s heap addresses and other information that could aid in further exploitation if the leaked data can be accessed in the context of a vulnerable application.

Read more…
Source: Talos