Mercedes-Benz NTG 6 Head Unit Apple CarPlay NULL Pointer Dereference Vulnerability

A NULL pointer dereference vulnerability has been identified in the Apple CarPlay function of Mercedes-Benz NTG 6 head units, affecting models through 2021. The vulnerability requires physical access to the head unit's Ethernet pins. An attacker with a static IP can connect to the AirTunes/AirPlay service via the internal network. By sending prepared HTTP requests, the attacker can cause the CarPlay service to crash.

Impact

Exploitation of this vulnerability leads to a crash of the CarPlay service, causing it to fail and disrupting its functionality.

Reproduction

The vulnerability can be reproduced by physically accessing the head unit's Ethernet pins and connecting a device with a static IP address to the internal network. Once connected, send crafted HTTP requests to the AirTunes/AirPlay service that exploit the NULL pointer dereference, causing the CarPlay service to crash.