Hello,
Recently, there has been a significant amount of discussion surrounding the WebP vulnerability identified as CVE-2023-4863 - mainly because of the severe implications it has in a lot of different software.
There is a really good technical explanation for those that are interested.
While I am aware that GrapheneOS already provided a patch for this in 2023091800, it made me curious about the possible impact it would have had, if exploited prior to the patch.
I am especially curious about the potential impact within the context of app sandboxing and the per-app permissions provided by GrapheneOS.
Consider a scenario in which a device is running GrapheneOS prior to the patch.
Let us also assume the device has a vulnerable app installed that uses the WebP library (for example, a messenger app).
In the event of an exploit, the attacker can inject a payload into the device's memory heap and execute it.
Now, here are my questions:
- I presume that the exploit would operate with the same permissions as the compromised app. Is that correct?
- Would the sandbox prevent the payload from elevating further? Would the sandboxing mechanism of GrapheneOS prevent the payload from escalating its privileges further?
- How would the app-specific permissions come into play? For instance, if the vulnerable app had not been granted any network-related permissions, and the payload is loaded manually, e.g. by opening a file (payload) from disk within the messenger app - would the permission system prevent the exploit from establishing a connection once it is executed?
- Would hardened_malloc provide additional complications for an attacker trying to craft a payload?