“Psychic Paper”, 2020-05-01:
[Writeup of a major Apple iOS vulnerability: any application could gain access to most of the system simply by sending the OS an XML document that requested the permissions it was allowed to have and then, inside an XML “comment”, also requested every other permission.
Because iOS uses multiple libraries to parse XML documents, which disagree on what counts as valid XML and on how comments are handled, the outer request passed the first check (that it was not requesting permissions it should not have), but the inner request hidden in the comment was then parsed by a different library; since the document had supposedly already been checked and proven safe, the additional request went through, granting all permissions. (This exemplifies the ‘langsec’ thesis that multiple implementations of one format are inherently security vulnerabilities: each defines a different ‘weird machine’, and wherever the weird machines execute differently, there is the potential for a vulnerability.)
Oops.]
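The parser differential described above, as an added example that is not part of the original writeup or of any Apple code: two constructed toy comment-strippers disagree about a comment that spans several lines, so a check performed with one parser and a grant performed with the other lets a hidden key through. The fixed flow parses once, checks and grants from that single parsed result, and additionally rejects any document on which the two parsers disagree. The document, the key names and both parsers are constructed for illustration; they are not the real entitlement format or the real libraries.

```python
"""Toy demonstration of a parser differential on XML comments (constructed)."""
import re
from typing import Callable, List, Optional, Set

# Constructed sample: an entitlements-like document that requests one
# permitted key in the open and hides a second key inside a comment that
# spans multiple lines.
SAMPLE = """<dict>
  <key>com.example.allowed</key><true/>
  <!--
    <key>com.example.privileged</key><true/>
  -->
</dict>"""

# Constructed clean document with no comment at all.
CLEAN = """<dict>
  <key>com.example.allowed</key><true/>
</dict>"""


def strip_comments_strict(text: str) -> str:
    """Correct comment removal: a comment may span lines (re.DOTALL)."""
    return re.sub(r"<!--.*?-->", "", text, flags=re.DOTALL)


def strip_comments_lenient(text: str) -> str:
    """Constructed buggy parser: the same regex without DOTALL, so a comment
    containing a newline is never recognised and its contents stay visible."""
    return re.sub(r"<!--.*?-->", "", text)


def keys(text: str, stripper: Callable[[str], str]) -> List[str]:
    """Extract requested key names after comment removal by the given parser."""
    return re.findall(r"<key>([^<]+)</key>", stripper(text))


def flawed_grant(doc: str, allowed: Set[str]) -> Optional[Set[str]]:
    """The vulnerable flow: check with one parser, grant with another.
    Returns the granted set, or None if the check rejected the document."""
    requested_for_check = set(keys(doc, strip_comments_strict))
    if not requested_for_check <= allowed:
        return None  # check fails: it saw a key outside the allow-list
    # A different library parses the 'already checked' document for the grant.
    return set(keys(doc, strip_comments_lenient))


def parsers_agree(doc: str) -> bool:
    """Defensive guard: refuse any document the two parsers read differently."""
    return keys(doc, strip_comments_strict) == keys(doc, strip_comments_lenient)


def safe_grant(doc: str, allowed: Set[str]) -> Optional[Set[str]]:
    """The fixed flow: parse once, check and grant from the same result, and
    reject outright when the available parsers disagree about the document."""
    if not parsers_agree(doc):
        return None
    requested = set(keys(doc, strip_comments_strict))
    if not requested <= allowed:
        return None
    return requested  # grant exactly what was checked, nothing re-parsed


if __name__ == "__main__":
    allow = {"com.example.allowed"}
    print("strict sees:  ", keys(SAMPLE, strip_comments_strict))
    print("lenient sees: ", keys(SAMPLE, strip_comments_lenient))
    print("flawed grant: ", flawed_grant(SAMPLE, allow))
    print("safe grant:   ", safe_grant(SAMPLE, allow))
    print("safe (clean): ", safe_grant(CLEAN, allow))
```

The differential guard is a second line of defence; the primary fix is that the check and the grant operate on one parsed object rather than re-reading the bytes with a second library.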