Today news broke today of Jamf’s latest research around a new vulnerability on iPhones dubbed ColdInvite that allows attackers to take advantage of a known vulnerability called ColdIntro in certain versions of iOS.
ColdInvite was found by security researcher 08tc3wbb when analyzing ColdIntro, which was patched last year. While looking deeper into this vulnerability, Jamf’s researcher uncovered some “interesting and mysterious” information leading to the discovery of ColdInvite.
When Apple released iOS 15.6.1 to patch ColdIntro, the goal was to mitigate the method used by an attacker to jump from the co-processor to the application processor (AP). However, Jamf has now discovered that the initial patch was incomplete. It mitigated one of the ways an attacker could escape the co-processor, but it didn’t address the root cause of the underlying vulnerability.
ColdInvite allows threat actors to similarly escape from the display co-processor to the AP kernel, opening the door to potential device takeovers and the accessibility of sensitive information. Jamf says the discovery of ColdInvite is likely just the beginning of more and more co-processor attacks and escape vulnerabilities that we’ll see as the threat landscape continues to evolve.
In his latest “Power On” newsletter, Bloomberg’s Mark Gurman says Apple is preparing a new…
In his latest “Power On” newsletter, Bloomberg’s Mark Gurman says Apple won’t debut a new…
As you’ve probably noticed (at least I hope you have, or else I’ve made a…
Here are the top Apple-related articles at Apple World Today for the week of May…
One of the biggest reasons people are starting to lean on AI for knowledge and…
The internet offers infinite forms of entertainment, and the world of on-line gaming isn't any…