Bugs in iOS allow attack without user intervention
Google security researchers have found five bugs in iOS that could allow an attacker to infect an iPhone without user intervention. The bugs have now been fixed, but some details are still being kept secret.
The bugs are in iMessage, says researcher Natalie Silvanovic from Google’s Project Zero, the department that detects leaks in software. Google has posted details about the bugs online, but is still keeping one bug private because a full fix is not yet available. Silvanovich has created a proof-of-concept about the bugs, which are found on the iPhone 5s and later, the iPad Air and later, and the iPod Touch 6 and later. In iOS 12.4 the bugs are fixed.
These are vulnerabilities where an attacker can infect a phone by sending a specific message to iMessage. In this way, the attacker can, for example, use free space in the working memory to read it, but in some cases also to execute code from a distance on a device. The researchers reported the bugs to Apple, which came up with a fix within 90 days. At the moment, not all details of the leaks are known, but Silvanovich will explain more at the BlackHat hacker conference next week.
It concerns the following leaks:
| CVE-2019-8647 | Use-after-free bug that allows remote code execution through working memory in rare cases. Difficult to exploit according to the researchers. |
| CVE-2019-8662 | Similar to CVE-2019-8647. |
| CVE-2019-8660 | Memory vulnerability, specifically in Core Data, that allows attackers to crash apps and execute code. |
| CVE-23019-8646 | Bug in NSData that allows an attacker to read files even outside the sandbox. |
| CVE-2019-8641 | Details are still being kept quiet as there is no update yet. |