This image crashes your iPhone. Here's why. YT

Description

Are you a security researcher or reverse engineer?

For 50% off IDA Products use promo code BILLY50, https://hex-rays.com/pricing *
For 30% off IDA Training use promo code BILLY30, https://hex-rays.com/training **

*License discounts are only valid for individuals, not corporations. Cannot be combined with any other promo code or discount.
** Cannot be combined with any other promo code or discount.

/////////////////////////////////////

Hey guys, today we're looking at a crafted EXR image file that is able to crash iOS and macOS apps.

By patch-diffing iOS 26.4.2 and iOS 26.5 for bugs in ImageIO, I was able to uncover this vulnerability within Apple's EXR decoder code. Specifically, there is an integer overflow bug during the calculation for the size of a buffer. Given a crafted input file, it is possible to cause the decoder to allocate a tiny buffer of just 16-bytes, and then subsequently cause memory corruption by having it try to copy huge amounts of pixel data.

Thanks for watching,

~ bellis1000
https://zygosec.com/

Links
https://r00tkitsmm.github.io/fuzzing/2024/03/29/iOSImageIO.html
https://zygosec.com/blog
https://github.com/Billy-Ellis/exr-imageio-poc
https://citizenlab.ca/blastpass-nso-group-iphone-zero-click-zero-day-exploit-captured-in-the-wild/