libCoreEntitlements.dylib

From The Apple Wiki


libCoreEntitlements is a library introduced in iOS 15 for handling DER-encoded entitlements. It is present both in userspace and in the AMFI kext.

On iOS 15, it is the only library used for parsing the new DER entitlements.

CVE-2022-42855

(I would highly recommend giving this a read.) In versions prior to macOS 12.6.2 / macOS 13.1 / iOS 15.7.2 / iOS 16.2, a parsing bug allowed an attacker to craft entitlements that are visible to CEValidate/CEContextQuery but invisible to CEQueryContextToCFDictionary/CEContextIsSubset, so the two code paths disagree about which entitlements a binary holds. It was patched in der_decode_key_value by checking the sequence length.
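The mechanism behind this class of bug, as an added illustration (this is not libCoreEntitlements code and not a reconstruction of Apple's patch): a simplified entitlements layout of SEQUENCE { SEQUENCE { UTF8String key, BOOLEAN value } ... } with short-form DER lengths is assumed, as are the walker and function names. Two consumers walk the same constructed blob: one advances to the next entry by the entry's declared SEQUENCE length, the other continues from where the last decoded value ended. Without a check that key and value exactly fill the entry, slack bytes inside an entry can carry a complete key/value pair that only the second consumer sees. The strict path adds the kind of sequence-length check the page says the fix introduced and rejects the blob outright.

```c
#include <stddef.h>
#include <stdint.h>
#include <stdio.h>
#include <string.h>

/* Assumed, simplified layout (not Apple's exact schema), short-form lengths only:
 *   SEQUENCE { SEQUENCE { UTF8String key, BOOLEAN value } ... }                 */
#define TAG_SEQUENCE   0x30
#define TAG_UTF8STRING 0x0C
#define TAG_BOOLEAN    0x01

/* Read one TLV with the expected tag. Sets *content/*len; total size is 2 + *len. */
static int read_tlv(const uint8_t *p, const uint8_t *end, uint8_t want_tag,
                    const uint8_t **content, size_t *len) {
    if (end - p < 2 || p[0] != want_tag || (p[1] & 0x80)) return 0;
    if ((size_t)(end - p - 2) < p[1]) return 0;   /* declared length overruns container */
    *content = p + 2;
    *len = p[1];
    return 1;
}

/* Decode one entry. Reports the key, the declared size of the whole entry
 * (header + body) and the byte just after the decoded value. With strict == 0
 * it never checks that key + value exactly fill the SEQUENCE; that missing
 * check is the kind of gap the CVE-2022-42855 fix closed.                      */
static int decode_key_value(const uint8_t *entry, const uint8_t *end, int strict,
                            const uint8_t **key, size_t *keylen,
                            size_t *declared_size, const uint8_t **after_value) {
    const uint8_t *body, *k, *v;
    size_t blen, kl, vl;
    if (!read_tlv(entry, end, TAG_SEQUENCE, &body, &blen)) return 0;
    const uint8_t *bend = body + blen;
    if (!read_tlv(body, bend, TAG_UTF8STRING, &k, &kl)) return 0;
    if (!read_tlv(k + kl, bend, TAG_BOOLEAN, &v, &vl) || vl != 1) return 0;
    if (strict && v + vl != bend) return 0;        /* FIX: no slack bytes inside an entry */
    *key = k; *keylen = kl;
    *declared_size = 2 + blen;
    *after_value = v + vl;
    return 1;
}

/* Look up `want`. step_by_declared: 1 = jump by the entry's declared SEQUENCE size,
 * 0 = continue right after the decoded value.
 * Returns 1 if present, 0 if absent, -1 if the blob is rejected as malformed.   */
static int find_entitlement(const uint8_t *blob, size_t n, const char *want,
                            int step_by_declared, int strict) {
    const uint8_t *end = blob + n, *body;
    size_t blen;
    if (!read_tlv(blob, end, TAG_SEQUENCE, &body, &blen)) return -1;
    const uint8_t *p = body, *bend = body + blen;
    while (p < bend) {
        const uint8_t *key, *after; size_t keylen, size;
        if (!decode_key_value(p, bend, strict, &key, &keylen, &size, &after)) return -1;
        if (keylen == strlen(want) && memcmp(key, want, keylen) == 0) return 1;
        p = step_by_declared ? p + size : after;
    }
    return 0;
}

/* Two hypothetical consumers of the same blob. */
static int walk_by_declared_length(const uint8_t *b, size_t n, const char *w, int strict) {
    return find_entitlement(b, n, w, 1, strict);
}
static int walk_by_consumed_length(const uint8_t *b, size_t n, const char *w, int strict) {
    return find_entitlement(b, n, w, 0, strict);
}

/* Constructed input: entry 1 declares 43 bytes of content but its key and value
 * use only 18; the 25 slack bytes hold a complete second key/value SEQUENCE.   */
static const uint8_t kEvilBlob[] = {
    0x30, 45,                                   /* outer SEQUENCE               */
      0x30, 43,                                 /* entry 1, oversized           */
        0x0C, 13, 'c','o','m','.','e','x','a','m','p','l','e','.','a',
        0x01, 1, 0xFF,                          /* BOOLEAN TRUE                 */
        0x30, 23,                               /* hidden entry inside slack    */
          0x0C, 18, 'c','o','m','.','e','x','a','m','p','l','e','.','h','i','d','d','e','n',
          0x01, 1, 0xFF,
};

/* Constructed well-formed input: one entry whose key and value fill it exactly. */
static const uint8_t kGoodBlob[] = {
    0x30, 20,
      0x30, 18,
        0x0C, 13, 'c','o','m','.','e','x','a','m','p','l','e','.','a',
        0x01, 1, 0xFF,
};

int main(void) {
    const char *hidden = "com.example.hidden";
    printf("declared-length walker sees hidden: %d\n",
           walk_by_declared_length(kEvilBlob, sizeof kEvilBlob, hidden, 0));
    printf("consumed-length walker sees hidden: %d\n",
           walk_by_consumed_length(kEvilBlob, sizeof kEvilBlob, hidden, 0));
    printf("strict decoder on the same blob:    %d\n",
           walk_by_declared_length(kEvilBlob, sizeof kEvilBlob, hidden, 1));
    return 0;
}
```

On the constructed blob the declared-length walker reports the hidden key as absent while the consumed-length walker reports it as present; with strict set, both reject the blob before any lookup, which is why the check belongs in the shared key/value decoder rather than in any one consumer.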

Other

No other vulnerabilities are known. I did notice that on macOS 12.6 (I have not checked other versions, so this may still be unpatched) CECreateStringOpInplace seems to suffer from an issue that technically allows a heap or stack buffer overflow: the memcpy does not verify that the length is smaller than the destination buffer. However, this is obviously not realistically exploitable on modern systems.