| CVSS Meta Temp Score | Current Exploit Price (≈) | CTI Interest Score |
|---|---|---|
| 3.7 | $0-$5k | 0.11 |
Summary
A vulnerability, which was classified as problematic, has been found in Apple iOS 7.0.5. This issue affects the function early_random of the component PRNG. This manipulation causes missing encryption.
In addition, an exploit is available.
The actual existence of this vulnerability is currently in question.
Details
A vulnerability was found in Apple iOS 7.0.5 (Smartphone Operating System). It has been declared as problematic. Affected by this vulnerability is the function early_random of the component PRNG. The manipulation with an unknown input leads to a missing encryption vulnerability. The CWE definition for the vulnerability is CWE-311. The product does not encrypt sensitive or critical information before storage or transmission. As an impact it is known to affect integrity.
The weakness was presented 03/12/2014 by Tarjei Mandt with Azimuth Security as Attacking the iOS 7 early_random() PRNG as not defined posting (Blog). It is possible to read the advisory at blog.azimuthsecurity.com. The vendor was not involved in the public release. The posting contains:
Back in 2012, Mark and I detailed a number of iOS kernel mitigations that were introduced in iOS 6 to prevent an attacker from leveraging well-known exploitation techniques such as the zone free list pointer overwrite. Most of these mitigations rely on entropy (of varying degree) provided by the kernel, and are therefore supported by a separate random number generator known as the early_random() PRNG. As this generator is fundamental to the robustness of these mitigations, and has received additional improvements in iOS 7, it is unarguably a very interesting target that deserves further study.Attacking locally is a requirement. The exploitation doesn't need any form of authentication. Technical details and also a public exploit are known. The attack technique deployed by this issue is T1600 according to MITRE ATT&CK. The advisory points out:
Although the early random PRNG is clearly inspired by glibc random_r() and ANSI C rand(), it is alarmingly weak in practice. Notably, early_random() in iOS 7 can only produce 2^19 unique outputs, with a maximum period of 2^17 (length of sequence of unique outputs, before it starts over). This is well below the size of the possible output space (64-bits), and may allow an attacker to predict values with very little effort.
A public exploit has been developed by Tarjei Mandt in ANSI C and been published immediately after the advisory. It is possible to download the exploit at mista.nu. It is declared as proof-of-concept. We expect the 0-day to have been worth approximately $25k-$100k. The real existence of this vulnerability is still doubted at the moment. The advisory illustrates:
In particular, we found that an unprivileged attacker, even when confined by the most restrictive sandbox, can recover arbitrary outputs from the generator and consequently bypass all the exploit mitigations that rely on the early random PRNG.
There is no information about possible countermeasures known. It may be suggested to replace the affected object with an alternative product.
The vulnerability is also documented in the databases at X-Force (91850) and SecurityFocus (BID 66236†). Additional details are provided at mista.nu. Statistical analysis made it clear that VulDB provides the best quality for vulnerability data.
Product
Type
Vendor
Name
Version
License
Website
- Vendor: https://www.apple.com/
CPE 2.3
CPE 2.2
Screenshot
CVSSv4
VulDB Vector: 🔍VulDB Reliability: 🔍
CVSSv3
VulDB Meta Base Score: 4.0VulDB Meta Temp Score: 3.7
VulDB Base Score: 4.0
VulDB Temp Score: 3.7
VulDB Vector: 🔍
VulDB Reliability: 🔍
CVSSv2
| AV | AC | Au | C | I | A |
|---|---|---|---|---|---|
| 💳 | 💳 | 💳 | 💳 | 💳 | 💳 |
| 💳 | 💳 | 💳 | 💳 | 💳 | 💳 |
| 💳 | 💳 | 💳 | 💳 | 💳 | 💳 |
| Vector | Complexity | Authentication | Confidentiality | Integrity | Availability |
|---|---|---|---|---|---|
| Unlock | Unlock | Unlock | Unlock | Unlock | Unlock |
| Unlock | Unlock | Unlock | Unlock | Unlock | Unlock |
| Unlock | Unlock | Unlock | Unlock | Unlock | Unlock |
VulDB Base Score: 🔍
VulDB Temp Score: 🔍
VulDB Reliability: 🔍
Exploiting
Class: Missing encryptionCWE: CWE-311 / CWE-310
CAPEC: 🔍
ATT&CK: 🔍
Physical: Partially
Local: Yes
Remote: No
Availability: 🔍
Access: Public
Status: Proof-of-Concept
Author: Tarjei Mandt
Programming Language: 🔍
Download: 🔍
Price Prediction: 🔍
Current Price Estimation: 🔍
| 0-Day | Unlock | Unlock | Unlock | Unlock |
|---|---|---|---|---|
| Today | Unlock | Unlock | Unlock | Unlock |
Threat Intelligence
Interest: 🔍Active Actors: 🔍
Active APT Groups: 🔍
Countermeasures
Recommended: no mitigation knownStatus: 🔍
0-Day Time: 🔍
Exploit Delay Time: 🔍
Timeline
03/12/2014 🔍03/12/2014 🔍
03/14/2014 🔍
03/19/2014 🔍
03/31/2019 🔍
Sources
Vendor: apple.comAdvisory: Attacking the iOS 7 early_random() PRNG
Researcher: Tarjei Mandt
Organization: Azimuth Security
Status: Not defined
Disputed: 🔍
GCVE (VulDB): GCVE-100-12643
X-Force: 91850 - Apple iOS PRNG security bypass, Low Risk
SecurityFocus: 66236 - Apple iOS PRNG Entropy Weakness
scip Labs: https://www.scip.ch/en/?labs.20150917
Misc.: 🔍
Entry
Created: 03/19/2014 09:16Updated: 03/31/2019 16:49
Changes: 03/19/2014 09:16 (56), 03/31/2019 16:49 (9)
Complete: 🔍
Cache ID: 216:9BE:103
Statistical analysis made it clear that VulDB provides the best quality for vulnerability data.
No comments yet. Languages: en.
Please log in to comment.