> This blog post discusses an old type of issue, vulnerabilities in image format parsers, in a new(er) context: on interactionless code paths in popular messenger apps. This research was focused on the Apple ecosystem and the image parsing API provided by it: the ImageIO framework. Multiple vulnerabilities in image parsing code were found, reported to Apple or the respective open source image library maintainers, and subsequently fixed. During this research, a lightweight and low-overhead guided fuzzing approach for closed source binaries was implemented and is released alongside this blogpost.
> I used LLDB to examine the testHeader functions, it turned out there are three new testHeader functions for different file formats, such as KTX2 and WebP and ETC, so because they were fairly new I thought maybe they have not been fuzzed by Project Zero... I ported Project Zero's harness to the Jackalope fuzzer. My fuzzing effort found several vulnerabilities [fixed by Apple].
Lots of experience in what common exploit tactics are and where to look and test if things will break.
Identifying an exploit in iOS requires a significant amount of knowledge of how the OS works, what existing exploits are, and how you could chain them together to create a larger exploit.
I have very limited experience, but reading about how some people identify and exploit these things is extremely impressive.