The MacDirtyCow exploit was originally released by Ian Beer of Google Project Zero (CVE-2022-46689) and has been used in a number of applications that provide various tweaks / mods on the device without the need for a jailbreak.
Ian Beer Writeup: https://bugs.chromium.org/p/project-zero/issues/detail?id=2337#c3
Affected Versions
- iOS 15.0 – 16.1.2
- iPadOS 15.0 – 16.1.2
- macOS 13.0.1
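As an added example (not part of the original write-up, and not code from Ian Beer, Nathan, or any of the projects named here), the following Python helper turns the version list above into a fleet triage check. It assumes the ranges are inclusive on both ends (15.0 through 16.1.2 for iOS and iPadOS; macOS 13.0.1 as the single listed version) and that a short version string such as 16.1 means 16.1.0, so 16.1 is compared as older than 16.1.2. The inventory at the bottom is constructed sample data.

```python
"""Check whether a device's OS version falls inside the MacDirtyCow-affected range."""
from typing import Dict, List, Tuple

Version = Tuple[int, ...]

# Affected ranges as listed in the write-up, treated as inclusive (assumption).
AFFECTED: Dict[str, Tuple[str, str]] = {
    "ios": ("15.0", "16.1.2"),
    "ipados": ("15.0", "16.1.2"),
    "macos": ("13.0.1", "13.0.1"),
}


def parse_version(text: str) -> Version:
    """Turn '16.1.2' into (16, 1, 2); reject anything that is not dotted integers."""
    parts = text.strip().split(".")
    if not parts or not all(p.isdigit() for p in parts):
        raise ValueError(f"not a dotted numeric version: {text!r}")
    return tuple(int(p) for p in parts)


def version_key(v: Version, width: int = 4) -> Version:
    """Right-pad with zeros so 16.1 equals 16.1.0 and sorts before 16.1.2."""
    return v + (0,) * (width - len(v))


def is_affected(platform: str, version: str) -> bool:
    """True if the given platform/version pair is inside the affected range."""
    key = platform.lower().replace(" ", "")
    if key not in AFFECTED:
        raise ValueError(f"unknown platform {platform!r}")
    low, high = (version_key(parse_version(b)) for b in AFFECTED[key])
    return low <= version_key(parse_version(version)) <= high


def triage(inventory: List[Tuple[str, str, str]]) -> List[Tuple[str, str, str]]:
    """Return the (name, platform, version) records that are still exposed."""
    return [rec for rec in inventory if is_affected(rec[1], rec[2])]


# Constructed sample inventory, not real device data.
SAMPLE_INVENTORY = [
    ("phone-01", "iOS", "16.1.2"),
    ("phone-02", "iOS", "16.2"),
    ("tablet-01", "iPadOS", "15.7.1"),
    ("mac-01", "macOS", "13.0.1"),
    ("mac-02", "macOS", "13.1"),
    ("phone-03", "iOS", "14.8"),
]

if __name__ == "__main__":
    for name, plat, ver in triage(SAMPLE_INVENTORY):
        print(f"{name}: {plat} {ver} is in the affected range")
```

The zero-padding in version_key is the part worth keeping: a naive string comparison would order "16.1" after "16.1.2", which would miss devices sitting on a short version number.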
MacDirtyCow is the code name for a security vulnerability that was found in the macOS operating system in 2020. The exploit is a variant of the Dirty COW (Copy-On-Write) vulnerability that was discovered in the Linux kernel in 2016.
MacDirtyCow allows an attacker to gain root privileges on a macOS system by exploiting a race condition in the way the operating system handles copy-on-write operations on the system’s memory.
This could allow the attacker to execute malicious code, modify system files, or access sensitive information. The vulnerability was patched by Apple in a security update.
Zhuowei writeup: https://worthdoingbadly.com/macdirtycow/
TCCD Exploit?
The TCCD exploit is a spin-off of the MacDirtyCow exploit and has been improved by Nathan. The TCCD exploit provides full disk access, compared to the initial MacDirtyCow, which did not.
See Here: https://github.com/verygenericname/ish-tccd
This means that the TCCD exploit can read and write to the entire /var partition, which is a huge improvement.
TCCD Definition
The TCCD (Thin Crowds Controller Data) exploit is a security vulnerability found in modern computer processors that could allow an attacker to access sensitive information such as passwords or encryption keys.
It is a side-channel attack that exploits a timing difference in the processing of data in the CPU to leak information from a secure environment to an attacker.
This exploit was discovered in 2021 and affects many modern processors from Intel, AMD, and ARM.
Applications Using the TCCD Exploit
The TCCD exploit has already spawned a number of applications that take advantage of its full disk access capabilities. For example, the SantanderEscape file manager for iOS 16 uses the TCCD exploit for full file access.
Conclusion
If you’re running iOS 16.1.2 or lower, now is the time to stay on that version, as the exploit is becoming more and more powerful and more applications are starting to pop up that allow you to tweak / mod your device.
Can this be used to jailbreak?
Unfortunately no, MacDirtyCow & TCCD only affect userspace processes. A jailbreak requires a kernel exploit. Regardless, MDC & TCCD are freaking cool!