[Zero-Day] AppleMediaServices Fail-Open Auth Bypass (All Platforms)
AppleMediaServices has a zero-day vulnerability: when it cannot fetch its remote configuration file, it disables its authentication mechanism by default, so API requests are sent without signatures or authentication. The flaw affects all Apple platforms (iOS, macOS, tvOS, watchOS), can be triggered by network interference (such as DNS hijacking), and currently has no patch. 2025-9-8 22:7:16 Author: seclists.org


Full Disclosure mailing list archives


From: josephgoyd via Fulldisclosure <fulldisclosure () seclists org>
Date: Fri, 22 Aug 2025 00:55:45 +0000

[Zero-Day] AppleMediaServices Fail-Open Auth Bypass (All Platforms)

Overview:

A critical zero-day vulnerability in AppleMediaServices (AMS)
affects all Apple platforms — iOS, macOS, tvOS, and watchOS.

When AMS fails to fetch its remote "Bag" config file, it disables
Mescal and Absinthe request signing without warning, falling back to
unsigned, unauthenticated API requests.

This fail-open condition enables request tampering, replay attacks, and
authentication bypass across Apple’s API infrastructure.

The issue is unpatched, observed in the wild, and reproducible under
network interference (e.g., DNS hijacking, captive portals).

Full PoC, logs, and technical details are available below.

---

Summary

AppleMediaServices relies on a remote configuration file ("Bag") to
determine whether outgoing API requests should be signed using Mescal
and Absinthe.

If the Bag cannot be retrieved — due to DNS hijacking, TLS interference,
network filtering, or backend failures — AMS fails open with the
following behavior:

* Mescal and Absinthe signing are entirely disabled
* API requests are sent without authentication headers
* No fallback, warning, or secure default behavior is triggered

---

CVSS v3.1 Score: 9.1 (Critical)
Vector: AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:H/A:N

Impact: Loss of request integrity, authentication bypass, and
vulnerability to replay and downgrade attacks targeting Apple API
infrastructure.

---

Observed Logs (Non-Jailbroken iOS Device)

Example logs from an iPhone running iOS 18.6.2:

2025-08-20 18:08:34.350275 -0400 amsengagementd
AMSAbsinthe: Failed to load Absinthe requests from bag. Will
continue without adding any signing headers.

2025-08-20 18:08:36.120492 -0400 amsengagementd
AMSURLRequestDecoration: No Mescal signature was generated. No
headers will be created.

2025-08-20 18:08:37.424169 -0400 appstored
AMSMescal: Skipping Mescal - unable to locate data to sign
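As an added defensive example (not part of the advisory or the author's repository), the Python scanner below groups unified-log lines of the shape quoted above into entries and flags the messages that indicate signing was dropped rather than the request refused; the log text is constructed from the advisory's three lines plus one benign entry, and the pattern names are assumptions.

```python
import re
from datetime import datetime
from typing import List, NamedTuple, Tuple

# Constructed sample in the shape quoted in the advisory: a timestamp/process
# line followed by a (possibly wrapped) "Class: message" line. The last entry
# is a benign, made-up line so the scanner has something not to flag.
SAMPLE_LOG = """\
2025-08-20 18:08:34.350275 -0400 amsengagementd
AMSAbsinthe: Failed to load Absinthe requests from bag. Will
continue without adding any signing headers.

2025-08-20 18:08:36.120492 -0400 amsengagementd
AMSURLRequestDecoration: No Mescal signature was generated. No
headers will be created.

2025-08-20 18:08:37.424169 -0400 appstored
AMSMescal: Skipping Mescal - unable to locate data to sign

2025-08-20 18:09:01.000000 -0400 appstored
AMSMescal: constructed benign entry, request was signed
"""

# Message fragments from the advisory that signal the fail-open path.
FAIL_OPEN_PATTERNS = {
    "absinthe_disabled": re.compile(r"without adding any signing headers"),
    "mescal_no_signature": re.compile(r"No Mescal signature was generated"),
    "mescal_skipped": re.compile(r"Skipping Mescal"),
}

ENTRY_HEADER = re.compile(
    r"^(?P<ts>\d{4}-\d{2}-\d{2} \d{2}:\d{2}:\d{2}\.\d{6} [+-]\d{4}) (?P<proc>\S+)$"
)


class Finding(NamedTuple):
    when: datetime
    process: str
    ams_class: str
    indicator: str


def parse_entries(text: str) -> List[Tuple[str, str, str]]:
    """Group lines into (timestamp, process, message); wrapped message lines are joined."""
    entries = []
    for line in text.splitlines():
        m = ENTRY_HEADER.match(line)
        if m:
            entries.append([m.group("ts"), m.group("proc"), []])
        elif line.strip() and entries:
            entries[-1][2].append(line.strip())
    return [(ts, proc, " ".join(msg)) for ts, proc, msg in entries]


def find_fail_open(text: str) -> List[Finding]:
    """Return one Finding per entry whose message matches a fail-open indicator."""
    findings = []
    for ts, proc, msg in parse_entries(text):
        ams_class, _, body = msg.partition(": ")
        for name, pattern in FAIL_OPEN_PATTERNS.items():
            if pattern.search(body):
                when = datetime.strptime(ts, "%Y-%m-%d %H:%M:%S.%f %z")
                findings.append(Finding(when, proc, ams_class, name))
    return findings


if __name__ == "__main__":
    for f in find_fail_open(SAMPLE_LOG):
        print(f"{f.when.isoformat()} {f.process} {f.ams_class}: {f.indicator}")
```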

---

Proof of Concept

To reproduce the issue:

1. Connect an Apple device to a network under your control (e.g., rogue
Wi-Fi, DNS hijack, captive portal).
2. Block or delay access to the Bag endpoint:
(https://bag.itunes.apple.com/bag.xml?deviceClass=...&format=json)
3. Confirm Bag fetch failure in device logs.
4. Observe that API requests are sent without the following headers:

* X-Apple-Mescal-Signature
* X-Apple-Mescal-Request-Digest
* X-Apple-ID-Session
* X-Apple-Absinthe-Signature

This confirms that the signing mechanism fails open, enabling
interception, modification, and replay of Apple API traffic.

---

Impact

* Remote exploitation is possible via network-level manipulation
* Authentication and request signing completely bypassed
* API traffic is vulnerable to MITM, session hijacking, and downgrade
attacks
* All Apple platforms and device types are affected, including iPhone,
iPad, Mac, Apple TV, and Apple Watch

---

Repository

A public GitHub repository contains:

* Full technical write-up and analysis
* Logs from affected device
* Reproduction steps

[https://github.com/JGoyd/ams-failopen/tree/main]

---

Joseph Goydish II
_______________________________________________
Sent through the Full Disclosure mailing list
https://nmap.org/mailman/listinfo/fulldisclosure
Web Archives & RSS: https://seclists.org/fulldisclosure/


Article source: https://seclists.org/fulldisclosure/2025/Sep/6