Awesome

WeightBufs:

WeightBufs is a kernel r/w exploit for all Apple devices with Neural Engine support. Bugs and Exploit by @simo36, you can read my presentation slides at POC for more details about the vulnerabilities and the exploitation techniques.

The exploit doesn't rely on any hardcoded address or offset, and it should work AS IS on macOS12 up to 12.4 and *OS 15 up to 15.5.

The kernel vulerabilties affect all iOS 15 versions (up to 16.0), however the sandbox escape has been fixed on iOS 15.6. As a result, breaking the exploit chain and another sandbox escape is required to get things working again on iOS 15.6/15.7. Although I have another sandbox escape that works up to iOS 16.1, I'm not sure if the kernel exploit techniques are still usable on iOS 15.6+.

Vulnerabilities:

The exploit chains 4 vulnerabilities which I independently discovered and reported to Apple:

• CVE-2022-32845 : aned signature check bypass for model.hwx.
• CVE-2022-32948 : DeCxt::FileIndexToWeight() OOB Read due to lack of array index validation.
• CVE-2022-42805 : ZinComputeProgramUpdateMutables() potential arbitrary read due to Integer overflow issue.
• CVE-2022-32899 : DeCxt::RasterizeScaleBiasData() Buffer underflow due to integer overflow issue.

Tested devices:

• iPhone12 Pro (iPhone13,3) with iOS 15.5.
• iPad Pro (iPad8,10) with iPadOS 15.5.
• iPhone11 Pro (iPhone12,3) with iOS 15.4.1.
• MacBookAir10,1 M1 with macOS 12.4.

Notes:

There are some situations where the exploit may fail:

• The target IOSurface or IOSurfaceClient object address is upper to the mutable kernel buffer MUTK,however the exploit detects the failure early, preventing the device from crashing. It's sufficient to run the exploit again and it should succeed on the second attempt.
• If the exploit frequently crashes the device at stage 2 or stage 3, that means it must be tuned to the tested device, make sure to read DEBUG_EXPLOIT_STAGE_2_KERN_PANIC and DEBUG_EXPLOIT_STAGE_3_KERN_PANIC for more details.
• The target device needs to be in an idle state, and it's preferable to reboot it before using the exploit, even better if the airplane mode is turned on.

Credit

WeightBufs includes AppleNeuralEngine framework header files generated by Elias Limneos via classdump-dyld 1.0.

License

WeightBufs is released under the MIT license.