A vulnerability that Apple was believed to have patched in 2022 is more mysterious than researchers initially thought. The patch mitigated a vulnerability that was exploited in the wild as part of an attack chain targeting co-processors.
During the process of analyzing ColdIntro (CVE-2022-32894), I discovered another vulnerability that allows attackers to escape a co-processor and initiate memory corruption in the Application Processor (AP) — named ColdInvite (CVE-2023-27930).
ColdInvite impacts iPhone users by taking advantage of a vulnerability in certain versions of iOS.