Autumn is apple season, so I started yearning for a yummy apple pie. Coincidentally, Apple recently released a patch for an arbitrary code execution vulnerability caused by an integer overflow. What a perfect excuse for baking an apple pie!
A flawed apple
On September 13th, Apple released a fix for an integer overflow vulnerability with the identifier CVE-2021-30860. The flaw lies in how certain macOS, iOS, iPadOS, and watchOS versions handle PDF files. Processing a malicious PDF can lead to the execution of arbitrary code selected by the attacker. According to Apple, exploitation of this vulnerability has been reported. So better update your Apple devices!

What is arbitrary code execution?
Arbitrary code execution is a type of vulnerability. It allows the attacker to get the same permissions as the vulnerable process has. This way, the attacker can execute commands and code of their choosing on a target system. The worst case is that the attacker gets a root shell.
If you are interested in what type of code the attacker typically runs when exploiting arbitrary code execution vulnerabilities, you can check this article by SearchSecurity.
Arbitrary code execution can be caused by, for example, deserialization vulnerabilities, type confusion vulnerabilities, or – in this recent case – integer overflow vulnerabilities.
What is an integer overflow?
Typically in programming languages, a fixed number of bits, for example 32, is reserved for representing an integer. The largest value you can represent with an unsigned 32-bit variable is 2^32 − 1 = 4,294,967,295 (minus one because zero is included in the value range). If you want to use both negative and positive values in your program, you are limited to values between −2,147,483,648 and 2,147,483,647.
Many programming languages and compilers do not give an error when you exceed the maximum value. Instead, they may truncate the value or wrap around, so you get a new figure from the lower end of the value range. This can result in strange behavior or vulnerabilities. The Acunetix blog has some good examples of integer overflow cases and consequences.
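The wrap-around and truncation described above, shown in C as an added example (not code from the original post and not Apple's code). It puts an unchecked 32-bit size calculation next to a checked one; the function names and the sample values are constructed for illustration.

```c
#include <stdint.h>
#include <stdio.h>
#include <stdlib.h>

/* Unchecked: the product is computed in 32 bits and silently wraps modulo 2^32. */
uint32_t size_unchecked(uint32_t count, uint32_t item_size) {
    return count * item_size;
}

/* Checked: stores the product in *out and returns 0 only if it fits in
   32 bits; returns -1 when the multiplication would wrap. */
int size_checked(uint32_t count, uint32_t item_size, uint32_t *out) {
    if (item_size != 0 && count > UINT32_MAX / item_size)
        return -1;
    *out = count * item_size;
    return 0;
}

/* Truncation: storing a 64-bit value in 32 bits keeps only the low 32 bits. */
uint32_t truncate_to_32(uint64_t value) {
    return (uint32_t)value;
}

/* Allocate a table only when the size calculation is known to be exact. */
void *alloc_table(uint32_t count, uint32_t item_size) {
    uint32_t bytes;
    if (size_checked(count, item_size, &bytes) != 0)
        return NULL; /* reject instead of allocating a too-small buffer */
    return malloc(bytes);
}

int main(void) {
    /* Constructed values: 0x40000001 items of 4 bytes need more than 4 GiB. */
    uint32_t count = 0x40000001u, item_size = 4, bytes = 0;

    printf("unchecked size: %u bytes\n", (unsigned)size_unchecked(count, item_size));
    printf("checked size:   %s\n",
           size_checked(count, item_size, &bytes) == 0 ? "ok" : "rejected (would wrap)");
    printf("truncated:      %u\n", (unsigned)truncate_to_32(0x100000005ULL));
    return 0;
}
```

A buffer sized with the unchecked result would be far smaller than the data the program goes on to write into it, which is how a wrapped size calculation becomes a memory-safety problem.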
As a side note, an integer overflow cannot happen in Python, because Python integers have arbitrary precision. A blog post by mortada.net explains the inner workings of Python integers very well.
Apple pie with a vanilla sauce overflow
I found this apple pie recipe in a magazine long ago, but I haven’t tried it before. The instructions are also available online (unfortunately only in Finnish, though). I think the ground almonds on top give a nice touch.

Ingredients for the dough and filling:
- 75 g pastry margarine
- 1 dl sugar
- 1 dl whipping cream
- 1 egg
- 2,5 dl wheat flour
- 1,5 tsp baking powder
- 3 medium-sized apples
- 2 tbsp coarsely ground almonds
Melt the pastry margarine and let it cool for a while. Add the sugar, cream, egg, flour, and baking powder and mix. Spread the dough into a pie pan. I used a glass pan with a 28 cm diameter and. If you use a smaller pan, it should have high edges.
Cut the apples into slices and remove the core. You can also peel the apples if you prefer. Put the apple slices on top of the dough and sprinkle the ground almonds on top. Bake the pie at 200 °C for 15 minutes.
While the pie is in the oven, mix the following ingredients:
- 1 egg
- 1 dl whipping cream
- 0,5 dl sugar
- 1 tsp vanilla sugar
Pour the mixture on top of the half-baked pie. Bake the pie on the bottom rack of the oven for another 15-20 minutes or until the filling is firm.
Let the pie cool to allow the filling to set. Serve with a vanilla sauce overflow.
These apples do not need patching: eat them!
