My theory on how the webp 0day was discovered (BLASTPASS)

2024-09-29

26.7K views, 3.10K likes

Want to learn more about hacking? Check out our courses on https://www.hextree.io (ad)

I have spent many hours looking at the webp vulnerability used in the 0day attack against iPhones. In the past videos we have seen why fuzzers have a hard time finding the issue, so I wanted to understand how this was discovered. And I think I have a good theory!

Part 1: Huffman Tables /youtube/video/lAyhKaclsPM

Part 2: Fuzzing libwebp /youtube/video/PJLWlmp8CDM

Sources:

https://citizenlab.ca/2023/09/blastpass-nso-group-iphone-zero-click-zero-day-exploit-captured-in-the-wild/

https://googleprojectzero.blogspot.com/2019/08/the-fully-remote-attack-surface-of.html

https://googleprojectzero.blogspot.com/2020/01/remote-iphone-exploitation-part-1.html

https://googleprojectzero.blogspot.com/2021/01/a-look-at-imessage-in-ios-14.html

https://github.com/seemoo-lab/frida-scripts/blob/main/scripts/libdispatch.js

https://googleprojectzero.blogspot.com/2021/12/a-deep-dive-into-nso-zero-click.html

https://citizenlab.ca/2023/04/nso-groups-pegasus-spyware-returns-in-2022/


https://github.com/libjxl/libjxl/blob/4b9dbde293f7f282b6952a02340300abfca2b184/lib/jxl/huffman_table.cc#L51

https://github.com/webmproject/libwebp/blob/7861947813b7ea02198f5d0b46afa5d987b797ae/src/dec/vp8l_dec.c#L86C3-L86C76

https://github.com/Tencent/mars/blob/9ab46e19ed3d4fcafe9d0de4b36547321f5ead83/mars/comm/windows/zlib/inftrees.h#L41

https://github.com/google/brunsli/blob/master/c/enc/jpeg_huffman_decode.h#L20

00:00 - Intro

01:18 - The iPhone Remote Attack Surface

02:49 - Targeting iMessage

04:04 - Dangerous Parsing / BlastDoor

06:53 - Image I/O and libwebp

08:11 - A Pattern of Image Vulnerabilities

09:28 - Huffman Tables are Everywhere!

10:50 - My Theory: known issue with enough.c

13:50 - Outro

=[ ❤️ Support ]=

→ per Video: https://www.patreon.com/join/liveoverflow

→ per Month: https://www.youtube.com/channel/UClcE-kVhqyiHCcjYwcpfj9w/join

2nd Channel: https://www.youtube.com/LiveUnderflow

=[ 🐕 Social ]=

→ Twitter: https://twitter.com/LiveOverflow/

→ Streaming: https://twitch.tv/LiveOverflow/

→ TikTok: https://www.tiktok.com/@liveoverflow_

→ Instagram: https://instagram.com/LiveOverflow/

→ Blog: https://liveoverflow.com/

→ Subreddit: https://www.reddit.com/r/LiveOverflow/

→ Facebook: https://www.facebook.com/LiveOverflow/

