all InfoSec news
An analysis of an in-the-wild iOS Safari WebContent to GPU Process exploit
Project Zero googleprojectzero.blogspot.com
By Ian Beer
A graph representation of the sandbox escape NSExpression payload
In April this year Google's Threat Analysis Group, in collaboration with Amnesty International, discovered an in-the-wild iPhone zero-day exploit chain being used in targeted attacks delivered via malicious link. The chain was reported to Apple under a 7-day disclosure deadline and Apple released iOS 16.4.1 on April 7, 2023 fixing CVE-2023-28206 and CVE-2023-28205.
Over the last few years Apple has been hardening the Safari WebContent (or "renderer") process …
amnesty amnesty international analysis apple april attacks collaboration escape exploit exploit chain google gpu graph ian international ios iphone link malicious malicious link payload process representation safari sandbox sandbox escape targeted attacks threat threat analysis threat analysis group under zero-day zero-day exploit