CVE-2022–22659 — iOS “VPN On Demand” - George Chen - Medium

CVE-2022–22659 — iOS “VPN On Demand”
George Chen
·Follow
Dec 9, 2024
--
DGA-like outbound calls from iOS feature “VPN On Demand”
DetailsAs part of Apple’s implementation of “VPN On Demand”, an iOS service called “nesessionmanager” performs DNS redirect tests. This test is performed in the function “NESMSession startDNSRedirectionDetection” and is implemented by generating a random domain address and initiating a DNS request to resolve it. Part of the random domain name generation code is shown here and the expected result of this process is a NXDOMAIN response:
From the network logs of a single iOS device connected to wifi over a few hours, we see:
Attack Vector<REDACTED>
ImpactAn attacker in a privileged network position may be able to leak sensitive user information.
Timeline- Reported to Apple Product Security in early 2020
- Assigned CVE in May 2022
--
--
Written by George Chen69 Followers
·7 Following
George is the Head of CloudSec and AppSec at Dyson. He's passionate about cyber innovation and has filed over 50 cybersecurity patents.
No responses yet
Help
Status
About
Careers
Press
Blog
Privacy
Terms
Text to speech
Teams