iOS 15.0 Nehelper Wifi Info Entitlement Check Bypass

Discussion in 'News Aggregator' started by Packet Storm, 28 Sep 2021.

  1. Packet Storm

    Packet Storm Guest

    Zero day exploit for Nehelper Wifi Info on iOS 15.0. XPC endpoint com.apple.nehelper accepts user-supplied parameter sdk-version, and if its value is less than or equal to 524288, the com.apple.developer.networking.wifi-info entitlement check is skipped. This makes it possible for any qualifying application (e.g. possessing location access authorization) to gain access to Wifi information without the required entitlement. This happens in -[NEHelperWiFiInfoManager checkIfEntitled:] in /usr/libexec/nehelper.

    Continue reading...
     

Share This Page

Loading...