Apple CoreAudio Memory Corruption Vulnerability Leading to Code Execution

A memory corruption vulnerability has been identified in Apple's CoreAudio component, present in multiple operating systems including iOS, iPadOS, macOS, tvOS, and visionOS. This vulnerability allows for code execution by processing an audio stream from a maliciously crafted media file. The issue arises from improper bounds checking, which has been addressed in the latest updates. Apple is aware of reports suggesting that this vulnerability may have been exploited in sophisticated attacks against targeted individuals on iOS.

Impact

Exploitation of this vulnerability allows for arbitrary code execution on the affected device.

Reproduction

The vulnerability can be reproduced by creating an audio file that exploits the improper bounds checking in the CoreAudio deserializer for the Apple Positional Audio Codec (APAC). This can be done by manipulating the channel layout tag to create a mismatch that the audio processing pipeline does not properly handle, leading to a memory corruption when the audio is played back.

Remediation

Users can update to the latest versions of iOS, iPadOS, macOS, tvOS, or visionOS to address this vulnerability.