The Mystery Behind ColdIntro (CVE-2022-32894) and ColdInvite (CVE-2023-27930): a Co-Processor Escape Vulnerability

Learn how a previously patched vulnerability (ColdIntro) led to the discovery of a novel threat vector (ColdInvite) on iPhone and how this new vulnerability allows attackers to circumvent security mitigations by exploiting under-protected co-processors. Furthermore, Jamf performs a deep technical dive into how this newly found vulnerability could be exploited to fully take over affected iOS devices by leveraging access to the co-processor, further compromising the iOS kernel.

As threat actors continue to search for vulnerabilities to exploit in sophisticated attacks, the security researchers of Jamf Threat Labs have made yet another discovery, identifying new ways that attackers are leveraging the Display Co-Processor found in iPhone 12 models and newer to pivot attacks from the targeted component to the kernel itself in an attempt to fully compromise the device.

In this research report, learn about the key findings on the previously patched vulnerability that led to the discovery of an entirely new vulnerability impacting newer iPhone devices running supported versions of iOS, including:

  • An advisory on commercial threat actors using a co-processor vulnerability in the wild
  • How the previously patched vulnerability (CVE-2022-32894) did not fix the root cause of the underlying vulnerability
  • A step-by-step breakdown of the newly discovered vulnerability (CVE-2023-27930) and how it functions
  • Why both nation-state and commercial threat actors could be interested in co-processor attacks in the future