Cybersecurity researchers at Google have finally disclosed details and proof-of-concept exploits for four of the five security vulnerabilities that could let remote attackers target Apple iOS devices just by sending a maliciously crafted message over iMessage.
All of the flaws, which require no user interaction, were responsibly reported to Apple by Samuel Groß and Natalie Silvanovich of Google Project Zero, and the company fixed them just last week with the release of the latest iOS 12.4 update.
Four of these vulnerabilities are "interactionless" use-after-free and memory corruption issues that could allow remote attackers to achieve arbitrary code execution on affected iOS devices.
However, the researchers have so far published details and exploits for only three of these four critical RCE vulnerabilities, keeping one (CVE-2019-8641) private because the latest update did not fully address the issue.
Below you can find brief details, links to the security advisories, and PoC exploits for all four vulnerabilities:
- CVE-2019-8647: A use-after-free vulnerability in the Core Data framework of iOS that can lead to arbitrary code execution through insecure deserialization when the NSArray initWithCoder method is used.
- CVE-2019-8662: A use-after-free vulnerability similar to the one above, residing in the QuickLook component of iOS, which can also be triggered remotely via iMessage.
- CVE-2019-8660: A memory corruption issue in the Core Data framework and Siri component which, if successfully exploited, could let remote attackers cause unexpected application termination or arbitrary code execution.
- CVE-2019-8646: A flaw, also in the Siri and Core Data iOS components, that could let an attacker remotely read the content of files stored on iOS devices without any user interaction, running as the mobile user with no sandbox.
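The first bullet above names the general weakness behind CVE-2019-8647: an NSArray being rebuilt from untrusted archive data through initWithCoder without restricting which classes the archive may instantiate. The snippet below is an added illustration of the defensive side of that point, not code from the article or from Project Zero, and it does not reproduce the bug itself. It contrasts the legacy NSKeyedUnarchiver API, which decodes whatever classes the archive names, with the secure-coding API, which only instantiates classes on an explicit allow-list. The sample archives are constructed in the code; there are no other assumptions.

```swift
import Foundation

// Constructed sample: an array of strings archived with secure coding enabled.
func makeStringArchive() throws -> Data {
    let payload: NSArray = ["one", "two", "three"]
    return try NSKeyedArchiver.archivedData(withRootObject: payload, requiringSecureCoding: true)
}

// Constructed sample: an array holding a class (NSDate) the consumer never expects.
// Stands in for an archive whose contents the sender controls.
func makeUnexpectedClassArchive() throws -> Data {
    let payload: NSArray = [NSDate(timeIntervalSince1970: 0)]
    return try NSKeyedArchiver.archivedData(withRootObject: payload, requiringSecureCoding: true)
}

// Weak pattern: the legacy API accepts any class the archive asks for, so the
// parsing logic of every decodable class becomes reachable from attacker data.
// Apple has deprecated this entry point for exactly that reason.
func decodeLegacy(_ data: Data) -> NSArray? {
    return NSKeyedUnarchiver.unarchiveObject(with: data) as? NSArray
}

// Hardened pattern: only NSArray and NSString may be instantiated. Any archive
// that names another class is rejected before its initWithCoder runs.
func decodeSecure(_ data: Data) throws -> [String] {
    let allowed: [AnyClass] = [NSArray.self, NSString.self]
    guard let array = try NSKeyedUnarchiver.unarchivedObject(ofClasses: allowed, from: data) as? [String] else {
        throw CocoaError(.coderReadCorrupt)
    }
    return array
}

// Walk through both cases so the difference is visible when run as a script.
func demo() {
    do {
        let good = try makeStringArchive()
        print("legacy decode of string archive:", decodeLegacy(good) ?? "nil")
        print("secure decode of string archive:", try decodeSecure(good))

        let bad = try makeUnexpectedClassArchive()
        // Legacy path happily materialises the NSDate the archive asked for.
        print("legacy decode of unexpected archive:", decodeLegacy(bad) ?? "nil")
        // Secure path refuses, because NSDate is not on the allow-list.
        do {
            _ = try decodeSecure(bad)
            print("secure decode unexpectedly succeeded")
        } catch {
            print("secure decode rejected unexpected class:", error)
        }
    } catch {
        print("archive construction failed:", error)
    }
}

demo()
```

The allow-list is the whole mitigation: with `unarchivedObject(ofClasses:from:)` the unarchiver checks the class of every object against the list before calling its decoder, so a malformed archive can only exercise the code paths of the classes you named. Reviewing an iOS codebase for remaining calls to `unarchiveObject(with:)` or for `requiresSecureCoding = false` is a quick way to find places where this class of deserialization issue is still reachable.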
The fifth flaw (CVE-2019-8646), an out-of-bounds read, can also be triggered remotely just by sending a malformed message via iMessage. But instead of code execution, this bug lets an attacker read the content of files stored on the victim's iOS device through leaked memory.
Assigned CVE-2019-8624, the vulnerability resides in the Digital Touch component of watchOS and affects Apple Watch Series 1 and later. Apple fixed the issue this month with the release of watchOS 5.3.
Since proof-of-concept exploits for all six of these vulnerabilities are now publicly available, users are strongly advised to update their Apple devices to the latest software version as soon as possible.