NDAY-2017-0101: iCloud Information Leak

Share this blog

By: Zuk Avraham
Follow Zuk Avraham (@ihackbanme)

Nicolas Trippar
Follow Nicolas Trippar (@ntrippar)

zNID: NDAY-2017-0101
CVE: Unknown
Type: Information Disclosure
Platform: iOS < 10.3
Device type: iPhone, iPod
iOS bulletin: https://support.apple.com/en-us/HT207617
Public release date: 25th of May, 2017
Credit: Anonymous

Download Exploit (password zimperium_ndays)

Vulnerability Details

An XPC service com.apple.coreservices.appleid.authentication can be accessed by any application on iOS because of lack of sandbox checks. This can be exploited by sending a message containing a “command” key, and setting the value to either 0x130, 0x500 or 0x510, information about the user’s iCloud will be shown such as phone number, name, serial number of device, and all emails associated with the iCloud account.

NDAY-2017-0101: iCloud Information Leak

Vulnerability Details

Exploitation

Author: zLabs

Recommended Reading

N-Days Exploits: NDAY-2017-0103 Arbitrary kernel write in sys_oabi_epoll_wait

NDAY-2017-0106: Elevation of Privilege in NVIDIA nvhost-vic driver

NDAY-2017-0102: Elevation of Privilege Vulnerability in NVIDIA Video Driver