Categories: AppleVulnerability

Vulnerability in Apple iMessage Let Hackers Remotely Read Files in iPhone – PoC Released

Researchers from Google project Zero disclosed critical bugs that reside in iMessages that allows attackers to read local files in iPhone without any form of user interaction.

Natalie Silvanovich, a security researcher from Google project zero reported 5 different vulnerabilities along with Samuel Groß, another member of her team.

The file read vulnerability can be tracked as CVE-2019-8646 and the researcher described this vulnerability as “The class _NSDataFileBackedFuture can be deserialized even if the secure encoding is enabled. This class is a file-backed NSData object that loads a local file into memory when the [NSData bytes] selector is called”

“This presents two problems. First, it could potentially allow undesired access to local files if the code deserializing the buffer ever shares it (this is more likely to cause problems in components that use serialized objects to communicate locally than in iMessage). Second, it allows an NSData object to be created with a length that is different than the length of its byte array. “

Natalie released a Proof of concept that works on devices with iOS 12 or later and its’s PoC shows leaking memory from a remote device.

Apple Patched this vulnerability in last security update that released on July 22 and the vulnerability affects iPhone 5s and later, iPad Air and later, and iPod touch 6th generation and later.

4 Other Vulnerabilities That Affected iMessage

CVE-2019-8660 – Interactionless memory corruption vulnerability allows an attacker to run arbitrary code remotely in iPhone 5s or later version and also it leads to a remote attacker may be able to cause unexpected application termination or arbitrary code execution.

CVE-2019-8647 – This Core Data interactionless use after free Remote code execution vulnerability allows Remote Attacker to compromise iMessage and crash Springboard with no user interaction in iPhone 5s and later, iPad Air and later, and iPod touch 6th generation and later

A use after free issue was addressed by Apple and improved memory management.

CVE-2019-8662 – Similar User-after-free vulnerability resides in the QuickLook component which is loaded into the Springboard process. As such, there might be scenarios in which OfficeImport library is loaded in Springboard, making this bug remotely triggerable via iMessage without any user interaction.

This vulnerability affects iPhone 5s and later, iPad Air and later, and iPod touch 6th generation and later.

CVE-2019-8641- It allows a remote attacker may be able to cause unexpected application termination or arbitrary code execution and the vulnerability PoC is holding until its deadline due to the fix in the advisory did not resolve the vulnerability.

Apple Fixed all the issues in iOS 12.4 released and you can see the Full list here.

You can follow us on LinkedinTwitterFacebook for daily Cybersecurity updates also you can take the Best Cybersecurity course online to keep yourself updated.

Balaji

BALAJI is an Ex-Security Researcher (Threat Research Labs) at Comodo Cybersecurity. Editor-in-Chief & Co-Founder - Cyber Security News & GBHackers On Security.

Recent Posts

Severe Kibana Flaw Allowed Attackers to Run Arbitrary Code

A newly disclosed security vulnerability in Elastic’s Kibana platform has put thousands of businesses at…

27 minutes ago

IT Worker from Computacenter Let Girlfriend Into Deutsche Bank’s Restricted Areas

A former information technology manager has filed a whistleblower lawsuit alleging a major security breach…

1 hour ago

NSO Group Ordered to Pay $168 Million to WhatsApp in US Spyware Verdict

A federal jury in California has ordered Israeli spyware maker NSO Group to pay approximately…

2 hours ago

BFDOOR Malware Targets Organizations to Establish Long-Term Persistence

The BPFDoor malware has emerged as a significant threat targeting domestic and international organizations, particularly…

16 hours ago

Uncovering the Security Risks of Data Exposure in AI-Powered Tools like Snowflake’s CORTEX

As artificial intelligence continues to reshape the technological landscape, tools like Snowflake’s CORTEX Search Service…

16 hours ago

UNC3944 Hackers Shift from SIM Swapping to Ransomware and Data Extortion

UNC3944, a financially-motivated threat actor also linked to the group known as Scattered Spider, has…

17 hours ago