4

The latest iOS update contains a fix for some zero day vulnerabilities involving core audio, where a maliciously crafted media file can cause harm.

I have received a file - how can I verify it does not contain this specific exploit? It is unclear which antivirus or malware detection software will even know about this exploit as it is recent. So is there some resource that specifically checks for this exploit?

6
  • 5
    "some zero day vulnerabilities" — please provide a reference to the specific vulnerabilities that you are asking about. Commented Apr 21 at 6:50
  • 1
    What you are looking for is called an "assurance", which isn't available here. Probably worth mentioning that iOS is a second class operating system platform, so any expectations of "assurance" or capability should be managed accordingly. If you are concerned about a device or data being compromised due to playing an audio file, you may want to consider using a different audio player. Commented Apr 21 at 8:19
  • 1
    "A resource that checks for exploits" is called anti-virus/malware. You are looking for a tool that is updated often and knows how to interpret media files for iOS exploits. Note that we are not the place to suggest any specific tools. Commented Apr 21 at 9:45
  • 2
    It's very unlikely any such tool will ever exist. First, the vulnerability may have been reported to Apple and never exploited in the wild; second, even if exploited, only a very limited number of people may have been involved, limiting the exposure; third, EDRs are not a thing for iOS and at most a researcher may have written a dirty script to detect other weaponized files but nothing integrable in an EDR. The only option is to manually check for invalid fields in your file, eventually guided by patch diffing CoreAudio. But, unless you are a person of interest, you are not worth a 0-day. Commented Apr 21 at 9:53
  • 1
    This question has a bit of the same vibe as I see sometimes on StackOverflow: "is there code that does this without using a library?" while a library is something to share specific code. Wanting to eat pie without the pie. Commented Apr 22 at 12:04

2 Answers

5

An exploit will try to exploit a bug in your software. A “zero day” exploit is just a freshly detected exploit, where the attacker has a good chance that the bug is not fixed yet.

Since there is an OS update fixing the bug, just apply the update. If you get a file that would have exploited your computer before the update, it can’t do that anymore and you are safe. What will happen: For audio and picture files, most likely the OS will tell the application that this is not a valid file and will not allow the file to be played. The alternative is that at the point where the bug was exploited, the file is now actually valid. Or playing the file may crash the application in a way that cannot cause damage.

Unless you are specifically investigating malicious software/data, there is no need to know whether an exploit is present in the file. Otherwise, usually the exact details will not be published.

PS Someone at Apple with access to the source code containing the bug would have to take the file, play it, until it reaches the bug or not. Even if it reaches the bug, that doesn’t mean it’s an exploit. The bug might display one pixel wrong under rare but legal circumstances, with a one in a billion chance of causing an exploit.

4
  • 9
    "Unless you are specifically investigating malicious software/data, there is no need to know whether an exploit is present in the file." I strongly disagree. Imagine your new buddy sends you a file trying to hack you and it fails. Wouldn't you want to know?! Commented Apr 21 at 9:34
  • 4
    My guess is that the OP has not or doesn't want to update and is worried about the exposure Commented Apr 21 at 9:41
  • "most likely the OS will tell the application that this is not a valid file and will not allow the file to be played" Really? So the OS call to open the file will fail somehow with a specific error message because of the contents of the file? This is new to me; maybe there is an OS that does this, but I'm pretty sure that this is not universal. Commented Apr 22 at 10:58
  • No, on macOS or iOS a call “give me the data as an image” will fail. A file with an unfixed vulnerability may cause trouble. A file with a fixed vulnerability may produce an image if the vulnerability was handling some correct files wrong, or fail. Commented Apr 23 at 6:59
1

It is unclear which antivirus or malware detection software will even know about this exploit as it is recent.

This is software that is specifically meant for detecting such threats. It seems like that's precisely what you are asking for. So it seems to me that you should check the database of detected vulnerabilities of the specific tool to find out if the exploit is detected. You could then perform a manual scan of the file and check the log file.

For instance, you'd expect articles such as this one by Qualys. This will lead you to Qualys-specific IDs named QIDs that are used to indicate the detection method used. So if the scanner contains these fixes in the DB then you'd know it should perform an action if such a file is found.

Sometimes tools will be made available to the public to check for specific vulnerabilities. Often these tools were used by the original team to find the exploit or to prove that they were able to exploit the vulnerability - a proof-of-concept basically. This doesn't seem to be the case for this particular vulnerability though.

Given enough info you might also be able to detect such a file yourself of course. This would go beyond the skill of most users and of course the effort that users are willing to spend. It also depends on the amount and quality of information available on the vulnerability. This information may not be released to the public to avoid hackers being able to create an exploit too easily. In this case you would need to know the field for which the bounds weren't checked, and to know how to parse the file to retrieve the offset of that field.
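To make the last paragraph of the answer above concrete, here is an added example (not code from either answer, and not a detector for the specific iOS fix) of parsing a media container and checking that each size field stays inside its enclosing structure. It assumes the ISO base media (MP4/M4A) box layout purely as an illustration, since the page does not say which format or field the fix concerns; the sample files are constructed.

```python
import struct

# Box types whose payload is itself a sequence of boxes (a small subset).
CONTAINERS = {b"moov", b"trak", b"mdia", b"minf", b"stbl", b"udta"}

def walk_boxes(data, start=0, end=None, path=""):
    """Yield (path, offset, declared_size, problem); problem is None if consistent."""
    end = len(data) if end is None else end
    pos = start
    while pos < end:
        if end - pos < 8:
            yield (path + "/?", pos, end - pos, "too few bytes for a box header")
            return
        size, kind = struct.unpack_from(">I4s", data, pos)
        header = 8
        name = path + "/" + kind.decode("latin-1")
        if size == 1 and end - pos >= 16:   # 64-bit size follows the type field
            size = struct.unpack_from(">Q", data, pos + 8)[0]
            header = 16
        elif size == 0:                     # "runs to the end"; bounded here by the parent
            size = end - pos
        if size < header:
            yield (name, pos, size, "declared size smaller than its own header")
            return
        if pos + size > end:
            yield (name, pos, size, "declared size runs past enclosing container")
            return
        yield (name, pos, size, None)
        if kind in CONTAINERS:
            yield from walk_boxes(data, pos + header, pos + size, name)
        pos += size

def box(kind, payload=b"", size=None):
    """Build a box; `size` overrides the honest length (for constructed samples)."""
    return struct.pack(">I4s", len(payload) + 8 if size is None else size, kind) + payload

def findings(data):
    """Return only the inconsistent boxes as (path, offset, problem)."""
    return [(p, off, prob) for p, off, _, prob in walk_boxes(data) if prob]

# Constructed samples: a well-formed skeleton, and one whose inner box lies about its size.
FTYP = box(b"ftyp", b"M4A \x00\x00\x00\x00")
GOOD = FTYP + box(b"moov", box(b"trak", box(b"mdia")))
BAD = FTYP + box(b"moov", box(b"trak", box(b"mdia", size=4096)))

if __name__ == "__main__":
    for label, sample in (("good", GOOD), ("bad", BAD)):
        print(label, findings(sample) or "no structural problems")
```

A clean result only means the size fields are mutually consistent; it says nothing about fields this walker does not interpret.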
