iMessage Media Parser Zero-Click → CoreAudio RCE → PAC/RPAC → Kernel → CryptoTokenKit Abuse

Reading time: 7 minutes

This page summarizes a modern iOS zero-click attack surface and an observed end-to-end exploitation chain abusing iMessage automatic media parsing to compromise CoreAudio, bypass BlastDoor, defeat Pointer Authentication (PAC) via an RPAC path, escalate to kernel, and finally abuse CryptoTokenKit for unauthorized key uses.

Waarskuwing: Dit is 'n opvoedkundige samevatting om verdedigers, navorsers en rooi spanne te help om die tegnieke te verstaan. Moet dit nie aanvallend gebruik nie.

High-level chain

• Delivery vector: a malicious audio attachment (e.g., .amr / MP4 AAC) sent via iMessage/SMS.
• Auto-ingestion: iOS auto-parses media for previews and conversions without user interaction.
• Parser bug: malformed structures hit CoreAudio’s AudioConverterService and corrupt heap memory.
• Code exec in media context: RCE inside the media parsing process; reported to bypass BlastDoor isolation in specific paths (e.g., “known sender” framing path).
• PAC/RPAC bypass: once arbitrary R/W is achieved, a PAC bypass in the RPAC path enables stable control flow under arm64e PAC.
• Kernel escalation: the chain converts userland exec into kernel exec (e.g., via wireless/AppleBCMWLAN code paths and AMPDU handling as seen in logs below).
• Post-exploitation: with kernel, abuse CryptoTokenKit to perform signing with Secure Enclave–backed keys, read sensitive data paths (Keychain contexts), intercept messages/2FA, silently authorize actions, and enable stealth surveillance (mic/camera/GPS) without prompts.

iMessage/BlastDoor attack surface notes

BlastDoor is a hardened service designed to parse untrusted message content. However, observed logs indicate paths where protections may be bypassed when messages are framed from a “known sender” and when additional filters (e.g., Blackhole) are relaxed:

IDSDaemon    BlastDoor: Disabled for framing messages
SpamFilter   Blackhole disabled; user has disabled filtering unknown senders.

Belangrike punte:

• Auto-parsing bly steeds 'n afstandelike, zero-click attack surface.
• Beleids-/konteksbesluite (known sender, filtering state) kan die effektiewe isolasie beduidend verander.

CoreAudio: AudioConverterService heap corruption (userland RCE)

Geraakte komponent:

• CoreAudio → AudioConverterService → AAC/AMR/MP4 parsing and conversion flows

Waargeneemde parser touchpoint (logs):

AudioConverterService    ACMP4AACBaseDecoder.cpp: inMagicCookie=0x0, inMagicCookieByteSize=39

Opsomming van tegniek:

• Verkeerd gevormde container/codec-metadata (bv. ongeldig/kort/NULL magic cookie) veroorsaak ’n geheuekorrupsie tydens decode-opstelling.
• Activeer in die iMessage media-omskakelingspad sonder interaksie deur die gebruiker.
• Gee kode-uitvoering in die media-parsingproses. Die beskrywing beweer dit ontsnap BlastDoor in die waargenome afleweringspad, wat die volgende fase moontlik maak.

Praktiese wenke:

• Fuzz AAC/AMR magic cookie en MP4 codec-atome wanneer jy AudioConverterService-omskakelings teiken.
• Fokus op heap-overflows/underflows, OOB reads/writes, en grootte/lengte-verwarring rondom decoder-initialisering.

PAC bypass via RPAC path (CVE-2025-31201)

arm64e Pointer Authentication (PAC) verhinder die kaap van return-adresse en function pointers. Die ketting rapporteer dat PAC oorwin word deur ’n RPAC-pad sodra arbitraire read/write beskikbaar is.

Kernidee:

• Met arbitraire R/W kan aanvallers geldige, her-gesigneerde pointers vervaardig of uitvoering draai na PAC-tolerante paaie. Die sogenaamde “RPAC path” stel control-flow toe onder PAC-beperkings, wat ’n userland RCE in ’n betroubare kernel exploit-opstelling verander.

Aantekeninge vir navorsers:

• Versamel info leaks om KASLR teë te werk en ROP/JOP-kettings te stabiliseer selfs onder PAC.
• Teiken callsites wat PAC op beheerbare maniere genereer of verifieer (bv. signatures wat op aanvaller-beheerde waardes gegenereer word, voorspelbare context keys, of gadget-reekse wat pointers her-teken).
• Verwag variansie in Apple-hardering volgens SoC/OS; betroubaarheid berus op leaks, entropie, en robuuste primitives.

Kernel eskalasie: wireless/AMPDU path example

In die waargenome ketting, sodra in userland met geheuekorrupsie en ’n PAC-omseil-primitive, is kernel-kontrole bereik via kodepaaie in die Wi‑Fi stack (AppleBCMWLAN) onder verkeerd gevormde AMPDU-hantering. Voorbeeld logs:

IO80211ControllerMonitor::setAMPDUstat unhandled kAMPDUStat_ type 14
IO80211ControllerMonitor::setAMPDUstat unhandled kAMPDUStat_ type 13

Algemene tegniek:

• Gebruik userland primitives om kernel R/W of controlled call paths te bou.
• Misbruik bereikbare kernel surfaces (IOKit, networking/AMPDU, media shared memory, Mach interfaces) om kernel PC control of arbitrary memory te bereik.
• Stabiliseer deur read/write primitives te bou en PPL/SPTM-beperkings te omseil waar toepaslik.

Post-exploitation: CryptoTokenKit and identity/signing abuse

Sodra die kernel gekompromitteer is, kan prosesse soos identityservicesd geïmpersonifiseer word en bevoorregte kriptografiese operasies via CryptoTokenKit aangeroep word sonder gebruikersprompt. Voorbeeld logs:

CryptoTokenKit    operation:2 algo:algid:sign:ECDSA:digest-X962:SHA256
CryptoTokenKit    <sepk:p256(d) kid=9a86778f7163e305> parsed for identityservicesd

Impact:

• Gebruik Secure Enclave–backed keys vir ongemagtigde ondertekening (tokens, messages, payments), wat vertrouensmodelle breek selfs al word sleutels nie uitgevoer nie.
• Afvang 2FA codes/messages stilweg; magtig payments/transfers; aktiveer verborge mic/camera/GPS.

Defensive angle:

• Behandel post-kernel integriteitskendinge as katastrofies: dwing runtime attestation af vir CTK consumers; minimaliseer ambient authority; verifieer entitlements by die punt van gebruik.

Reproduction and telemetry hints (lab only)

• Delivery: stuur 'n gespesialiseerde AMR/MP4-AAC audio na die teiken-toestel via iMessage/SMS.
• Observe telemetry vir bogenoemde log lines rondom ontleding en reaksies van die draadlose stack.
• Ensure devices is volledig gepatch; toets slegs in geïsoleerde lab opstellings.

Mitigations and hardening ideas

• Patch level: iOS 18.4.1 blyk hierdie ketting reg te stel; hou toestelle op datum.
• Parser hardening: streng verifikasie van codec cookies/atoms en lengtes; verdediging-dekodeerpaaie met bounds checks.
• iMessage isolation: vermy om BlastDoor/Blackhole te verslap in “known sender” kontekste vir media parsing.
• PAC hardening: verminder PAC-gadget beskikbaarheid; verseker signatures is gebind aan onvoorspelbare kontekste; verwyder PAC-tolerant bypassable patrone.
• CryptoTokenKit: vereis post-kernel attestation en sterk entitlements by call-time vir key-bound operations.
• Kernel surfaces: verhard wireless AMPDU/status handling; minimaliseer attacker-controlled inputs vanaf userland na kompromie.

Affected versions (as reported)

• iOS 18.x voor iOS 18.4.1 (April 16, 2025).
• Primary: CoreAudio → AudioConverterService (media auto-parsing path via iMessage/SMS).
• Chained: PAC/RPAC path en kernel escalation via AppleBCMWLAN AMPDU handling.

References

• iOS Crypto Heist repo (README)
• Remote Crypto Attack Chain details