“Describing the exploit as “pretty terrifying,” Google said the NSO Group hackers effectively booby-trapped a PDF file, masquerading as a GIF image, with an encoded virtual CPU to start and run the exploit.
“JBIG2 doesn’t have scripting capabilities, but when combined with a vulnerability, it does have the ability to emulate circuits of arbitrary logic gates operating on arbitrary memory. So why not just use that to build your own computer architecture and script that!? That’s exactly what this exploit does,” the researchers explained.
“Using over 70,000 segment commands defining logical bit operations, [NSO’s hackers] define a small computer architecture with features such as registers and a full 64-bit adder and comparator which they use to search memory and perform arithmetic operations. It’s not as fast as Javascript, but it’s fundamentally computationally equivalent.”
“The bootstrapping operations for the sandbox escape exploit are written to run on this logic circuit and the whole thing runs in this weird, emulated environment created out of a single decompression pass through a JBIG2 stream. It’s pretty incredible, and at the same time, pretty terrifying,” the Google researchers added.”
Holy crap!!! THAT took some brainpower. And lots of $$$.
> it does have the ability to emulate circuits of arbitrary logic gates operating on arbitrary memory.
This would be an exercise given to 3rd year computer science students taking a machine organization or architecture class. Would be a lot of fun actually.