DER Entitlements: The (Brief) Return of the Psychic Paper
ID: cc747fa4-60dd-5e4a-9b35-b46a16187f7f
STIX ID: report--cc747fa4-60dd-5e4a-9b35-b46a16187f7f
Feed Name: Google Project Zero
Project Zero researcher Ivan Fratric describes CVE-2022-42855: a flaw in Apple's libCoreEntitlements DER parsing that allowed crafted DER-encoded entitlements to be "hidden" from provisioning-profile subset checks while still being visible to kernel entitlement queries, enabling a bypass of privilege checks (potentially useful for jailbreaks or unauthorized kext requests). The report explains the parsing differences, proof-of-concept tooling, exploitation paths, the mitigation timeline, and that Apple patched the issue in December 2022.
