Saturday, November 2, 2024
HomeAppleVulnerability in Apple iMessage Let Hackers Remotely Read Files in iPhone -...

Vulnerability in Apple iMessage Let Hackers Remotely Read Files in iPhone – PoC Released

Published on

Malware protection

Researchers from Google project Zero disclosed critical bugs that reside in iMessages that allows attackers to read local files in iPhone without any form of user interaction.

Natalie Silvanovich, a security researcher from Google project zero reported 5 different vulnerabilities along with Samuel Groß, another member of her team.

The file read vulnerability can be tracked as CVE-2019-8646 and the researcher described this vulnerability as “The class _NSDataFileBackedFuture can be deserialized even if the secure encoding is enabled. This class is a file-backed NSData object that loads a local file into memory when the [NSData bytes] selector is called”

“This presents two problems. First, it could potentially allow undesired access to local files if the code deserializing the buffer ever shares it (this is more likely to cause problems in components that use serialized objects to communicate locally than in iMessage). Second, it allows an NSData object to be created with a length that is different than the length of its byte array. “

- Advertisement - SIEM as a Service

Natalie released a Proof of concept that works on devices with iOS 12 or later and its’s PoC shows leaking memory from a remote device.

Apple Patched this vulnerability in last security update that released on July 22 and the vulnerability affects iPhone 5s and later, iPad Air and later, and iPod touch 6th generation and later.

4 Other Vulnerabilities That Affected iMessage

CVE-2019-8660 – Interactionless memory corruption vulnerability allows an attacker to run arbitrary code remotely in iPhone 5s or later version and also it leads to a remote attacker may be able to cause unexpected application termination or arbitrary code execution.

CVE-2019-8647 – This Core Data interactionless use after free Remote code execution vulnerability allows Remote Attacker to compromise iMessage and crash Springboard with no user interaction in iPhone 5s and later, iPad Air and later, and iPod touch 6th generation and later

A use after free issue was addressed by Apple and improved memory management.

CVE-2019-8662 – Similar User-after-free vulnerability resides in the QuickLook component which is loaded into the Springboard process. As such, there might be scenarios in which OfficeImport library is loaded in Springboard, making this bug remotely triggerable via iMessage without any user interaction.

This vulnerability affects iPhone 5s and later, iPad Air and later, and iPod touch 6th generation and later.

CVE-2019-8641- It allows a remote attacker may be able to cause unexpected application termination or arbitrary code execution and the vulnerability PoC is holding until its deadline due to the fix in the advisory did not resolve the vulnerability.

Apple Fixed all the issues in iOS 12.4 released and you can see the Full list here.

You can follow us on LinkedinTwitterFacebook for daily Cybersecurity updates also you can take the Best Cybersecurity course online to keep yourself updated.

Balaji
Balaji
BALAJI is an Ex-Security Researcher (Threat Research Labs) at Comodo Cybersecurity. Editor-in-Chief & Co-Founder - Cyber Security News & GBHackers On Security.

Latest articles

LightSpy iOS Malware Enhanced with 28 New Destructive Plugins

The LightSpy threat actor exploited publicly available vulnerabilities and jailbreak kits to compromise iOS...

ATPC Cyber Forum to Focus on Next Generation Cybersecurity and Artificial Intelligence Issues

White House National Cyber Director, CEOs, Key Financial Services Companies, Congressional and Executive Branch...

New PySilon RAT Abusing Discord Platform to Maintain Persistence

Cybersecurity experts have identified a new Remote Access Trojan (RAT) named PySilon. This Trojan...

Konni APT Hackers Attacking Organizations with New Spear-Phishing Tactics

The notorious Konni Advanced Persistent Threat (APT) group has intensified its cyber assault on...

Free Webinar

Protect Websites & APIs from Malware Attack

Malware targeting customer-facing websites and API applications poses significant risks, including compliance violations, defacements, and even blacklisting.

Join us for an insightful webinar featuring Vivek Gopalan, VP of Products at Indusface, as he shares effective strategies for safeguarding websites and APIs against malware.

Discussion points

Scan DOM, internal links, and JavaScript libraries for hidden malware.
Detect website defacements in real time.
Protect your brand by monitoring for potential blacklisting.
Prevent malware from infiltrating your server and cloud infrastructure.

More like this

Google Chrome Security, Critical Vulnerabilities Patched

Google has updated its Chrome browser, addressing critical vulnerabilities that posed potential risks to...

New Windows Downgrade Attack Let Hackers Downgrade Patched Systems To Exploits

The researcher discovered a vulnerability in the Windows Update process that allowed them to...

Hackers Use Fog Ransomware To Attack SonicWall VPNs And Breach Corporate Networks

Recent cyberattacks involving Akira and Fog threat actors have targeted various industries, exploiting a...