Credit: Tencent Keen Security Lab
CVE-2017-7162 is a double free bug on a single IPC interface in backboardd on iOS. To exploit it is necessary to fill in the freed memory in between. The time window between two frees doesn’t look good at first glance. A neat way has been found by KeenLab to make the time window controllable and they reliably exploited the bug. And the bug is also in the chain of the successful WiFi pwn done by KeenLab at Mobile Pwn2Own 2017.