Nathan

Hey, @zhuowei
Someone in the Hack Different discord Symbolized both the iOS 16.6.1/16.7 CoreTrust binaries. If you want to take a look, Here are the links:

https://cdn.discordapp.com/attachments/779145909886910474/1155677192408281118/coretrust_vuln
https://cdn.discordapp.com/attachments/779145909886910474/1155677341079568494/coretrust_patched

Sep 26, 2023 at 10:03pmWeb
Show threadNathanSep 28, 2023

@zhuowei this looks interesting too, could be linuses ppl bypass

https://github.com/apple-oss-distributions/xnu/commit/1031c584a5e37aff177559b9f69dbd3c8c3fd30a#diff-de717215f9075c0629e0b212f8b74086797f66eca0b702303146976a50ae4e24R9217

Show threadZhuowei ZhangSep 28, 2023
@Nathan I have the macOS 13.5.2 and 13.6 kexts (with symbols) already, but thanks
Show threadNathanSep 28, 2023
@zhuowei find anything with it? I tried looking at the reported sites that had the vulns but they're all gone
Show threadNathanSep 28, 2023
@zhuowei to try and get that one binary
Show threadZhuowei ZhangSep 30, 2023
@Nathan Citizen Lab and Project Zero usually releases reports analyzing the samples they captured to discover how their vulns work (e.g. the JBIG2 writeup) so if we couldn't figure it out, we could just wait.
Show threadNathanSep 30, 2023
@zhuowei yeah, true