Introduction

The main programming language for iOS is Objective-C, which, as a superset of C, is generally susceptible to the same memory corruption vulnerabilities as C itself. Below is a brief description of some of the vulnerability classes that have been found in iOS since its release. This is not an exhaustive list.

Buffer Overflow: A buffer overflow occurs when a program writes more data into a fixed-size buffer than it can hold, so the excess spills into the adjacent memory region. For instance, a buffer overflow vulnerability was found in Apple's XNU operating system kernel that allowed attackers on a local network to reboot Apple's iOS and macOS devices and could potentially lead to remote code execution.

Integer Overflow: An integer overflow occurs when the result of an arithmetic operation exceeds the range its integer type can represent, so the value wraps around (or is truncated when stored into a smaller type); a typical consequence is an undersized allocation or a bounds check that passes when it should fail. For example, an integer overflow vulnerability was found in XNU's memory mapping syscalls (mach_make_memory_entry and vm_map) that allowed read/write access to the entire physical memory of the device to be obtained from user level.

Integer Underflow: An integer underflow occurs when an operation drives an integer below the minimum value its type can represent (for an unsigned type, wrapping around to a very large value). For instance, an integer underflow vulnerability was found in launchd in Apple iOS before 7.1.2, which allowed attackers to execute arbitrary code via a crafted application.

Stack Overflow: A stack overflow occurs when data written to a stack-allocated buffer exceeds its bounds, or the stack pointer runs past the stack's limit, causing the program to crash or overwriting critical program data such as saved return addresses. For example, a stack overflow vulnerability was found in ImageIO when processing a maliciously crafted image, which may lead to code execution.

Heap Overflow: A heap overflow occurs when a write exceeds the bounds of a heap-allocated buffer and corrupts neighbouring heap objects or allocator metadata, which an attacker can leverage to manipulate program state and execute arbitrary code in the affected software. For instance, a heap buffer overflow vulnerability was found in vp8 encoding in libvpx prior to 1.13.1, which allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page.
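The integer overflow and heap overflow classes above are frequently linked: an unchecked size computation wraps to a small value, the allocation comes back too short, and the subsequent copy overruns the heap. The following added example (not code from the page or from Apple's XNU) shows the naive size computation beside a hardened version that uses the clang/GCC `__builtin_mul_overflow` check and refuses the request; the record sizes and counts are constructed values.

```c
#include <stdbool.h>
#include <stddef.h>
#include <stdint.h>
#include <stdlib.h>
#include <string.h>

/* Naive size computation: count * elem_size in 32-bit unsigned arithmetic
 * wraps around on overflow, so a huge request yields a tiny allocation that
 * a later copy of `count` elements overruns (heap overflow). */
uint32_t naive_alloc_size(uint32_t count, uint32_t elem_size) {
    return count * elem_size;
}

/* Hardened: detect the overflow before it happens. __builtin_mul_overflow is
 * provided by clang (the iOS toolchain) and GCC. Returns false and leaves
 * *out untouched when the product does not fit in uint32_t. */
bool checked_alloc_size(uint32_t count, uint32_t elem_size, uint32_t *out) {
    uint32_t product;
    if (__builtin_mul_overflow(count, elem_size, &product)) {
        return false;
    }
    *out = product;
    return true;
}

/* Copy `count` records of `elem_size` bytes from `src` into a fresh heap
 * buffer sized with the checked computation. Returns the number of bytes
 * copied, or -1 if the request is rejected or allocation fails. The caller
 * owns *dst_out on success. (Hypothetical helper for this example.) */
long copy_records(const uint8_t *src, uint32_t count, uint32_t elem_size,
                  uint8_t **dst_out) {
    uint32_t total;
    if (!checked_alloc_size(count, elem_size, &total) || total == 0) {
        return -1;            /* would have wrapped: refuse, do not allocate */
    }
    uint8_t *dst = malloc(total);
    if (dst == NULL) {
        return -1;
    }
    memcpy(dst, src, total);  /* total is now guaranteed to match the buffer */
    *dst_out = dst;
    return (long)total;
}
```

With count 0x40000000 and an 8-byte element the naive product is 2^33, which wraps to 0 in 32 bits; the checked version reports the overflow instead of handing back a zero-byte allocation.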

ROP Chains: Return-oriented programming (ROP) is a computer security exploit technique that allows an attacker to execute code in the presence of security defenses such as executable space protection and code signing [12]. In iOS devices, ROP chains can be used to exploit vulnerabilities and execute arbitrary code with kernel privileges. 

JOP Chains: Jump-oriented programming (JOP) is a code-reuse attack similar to return-oriented programming but uses a dispatcher gadget instead of a return instruction. While there are no specific examples of JOP chain vulnerabilities in iOS devices, they could theoretically be used in a similar manner to ROP chains. 

Out of Bounds Read/Write: Out of bounds read/write vulnerabilities in iOS devices can occur when the software reads or writes to a buffer using an index or pointer that references a memory location outside of the boundaries of the buffer. For instance, an out-of-bounds write issue in the kernel (CVE-2022-42827) could be exploited by rogue applications to execute arbitrary code with admin privileges. 

Kernel Memory Leaks: Kernel memory leaks in iOS devices can occur when memory resources allocated to the kernel are not correctly freed, which can lead to a decrease in system performance or even a system crash. For instance, a kernel flaw (CVE-2024-23225) was found in iOS that allowed attackers with arbitrary kernel read and write capabilities to bypass kernel memory protections.