This vulnerability was analyzed during Episode 172 on 29 November 2022
Another vulnerability in Apple Neural Engine (ANE). Interestingly, this one is a double fetch that yields an out-of-bounds write in ZinComputeProgramUpdateMutables(). It is a somewhat complex codebase, but what matters is that one of the functions called from there is ANECGetMutableOperationInfo(), which fetches an opsInfo object from shared memory. One field in particular, op_count, is used to allocate an array of mutable weight objects, and it is double fetched: it is read once to size the allocation, then read again later to drive the loop that populates the array. By using a second thread to switch op_count to a larger value after the allocation, you can achieve an OOB write of two 64-bit values per extra element (a kernel address of user-controlled data, and a semi-arbitrary 64-bit value).
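A minimal C reconstruction of the double-fetch pattern described above, added here as an illustration rather than code from the ANE driver or from the episode. The struct layout, the names ops_info, op_count and mutable_weight, the race hook that stands in for the second thread, and the canary guard region after the allocation are all assumptions; the guard exists only so the out-of-bounds write lands in memory the demo owns and can be detected instead of corrupting the heap. The vulnerable routine reads op_count from shared memory twice; the fixed routine snapshots it once and uses the local copy for both the allocation and the loop.

```c
#include <stdint.h>
#include <stdlib.h>
#include <string.h>
#include <stdio.h>

/* Hypothetical stand-in for the opsInfo object in shared memory. The real
 * ANE structures are not reproduced here. op_count is volatile because it
 * is attacker-writable and may change between our reads. */
#define MAX_OPS 16
struct ops_info {
    volatile uint32_t op_count;
    uint64_t op_data[MAX_OPS];
};

/* Two 64-bit values per element, mirroring what the text says gets written. */
struct mutable_weight {
    uint64_t kaddr;   /* address of the user-controlled data for this op */
    uint64_t value;   /* semi-controlled 64-bit value copied from that data */
};

/* Guard entries after the "real" allocation, filled with a canary, so an
 * overflow of a few elements is detectable rather than undefined behaviour.
 * The real bug has no such guard; the write hits whatever follows the array. */
#define GUARD_ENTRIES 8
#define CANARY 0xdeadbeefcafebabeULL

typedef void (*race_hook)(struct ops_info *info);

static struct mutable_weight *alloc_with_guard(uint32_t n)
{
    struct mutable_weight *arr = calloc(n + GUARD_ENTRIES, sizeof *arr);
    for (uint32_t i = 0; i < GUARD_ENTRIES; i++) {
        arr[n + i].kaddr = CANARY;
        arr[n + i].value = CANARY;
    }
    return arr;
}

/* Vulnerable: op_count is fetched once to size the array and again to bound
 * the fill loop. Returns 1 if the guard region was clobbered, 0 if not,
 * -1 if the first fetch failed validation. */
static int vulnerable_update(struct ops_info *info, race_hook racer)
{
    uint32_t n_alloc = info->op_count;            /* fetch #1 */
    if (n_alloc > MAX_OPS) return -1;
    struct mutable_weight *arr = alloc_with_guard(n_alloc);

    if (racer) racer(info);   /* the window the racing thread hits */

    for (uint32_t i = 0; i < info->op_count; i++) { /* fetch #2 (and more) */
        arr[i].kaddr = (uint64_t)(uintptr_t)&info->op_data[i];
        arr[i].value = info->op_data[i];
    }
    int clobbered = arr[n_alloc].kaddr != CANARY;
    free(arr);
    return clobbered;
}

/* Fixed: snapshot op_count once, validate the snapshot, and never touch the
 * shared copy again. The racer can still change shared memory, but it no
 * longer influences how many elements get written. */
static int fixed_update(struct ops_info *info, race_hook racer)
{
    uint32_t n = info->op_count;                  /* the only fetch */
    if (n > MAX_OPS) return -1;
    struct mutable_weight *arr = alloc_with_guard(n);

    if (racer) racer(info);

    for (uint32_t i = 0; i < n; i++) {
        arr[i].kaddr = (uint64_t)(uintptr_t)&info->op_data[i];
        arr[i].value = info->op_data[i];
    }
    int clobbered = arr[n].kaddr != CANARY;
    free(arr);
    return clobbered;
}

/* Simulated racing thread: bumps op_count by two after the allocation.
 * Kept small so the demo's overflow stays inside the guard region. */
static void demo_racer(struct ops_info *info) { info->op_count += 2; }

/* Runs one scenario on a constructed ops_info with op_count = 4. */
static int demo(int use_fixed, int with_race)
{
    struct ops_info info;
    memset(&info, 0, sizeof info);
    info.op_count = 4;
    for (uint32_t i = 0; i < MAX_OPS; i++) info.op_data[i] = 0x4141000000000000ULL | i;
    race_hook r = with_race ? demo_racer : NULL;
    return use_fixed ? fixed_update(&info, r) : vulnerable_update(&info, r);
}

int main(void)
{
    printf("vulnerable, no race : guard clobbered = %d\n", demo(0, 0));
    printf("vulnerable, raced   : guard clobbered = %d\n", demo(0, 1));
    printf("fixed, raced        : guard clobbered = %d\n", demo(1, 1));
    return 0;
}
```

The fix is the standard one for double fetches: copy every untrusted value out of shared memory exactly once, validate the copy, and derive both the allocation size and the loop bound from that copy. Re-reading the shared field anywhere after the check, even in a loop condition, reopens the race.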