Google Releases Exploits for Five Interactionless Bugs on iOS

Critical Remotely Exploitable Bugs Found in Apple's iOS
Google's Project Zero team has once again turned up new bugs; this time the team has disclosed five bugs in Apple's iOS that require no user interaction to exploit.

Two members of Project Zero, Natalie Silvanovich and Samuel Groß, discovered four of the five interactionless security issues in iOS. Of these, four bugs have been patched by Apple and one still awaits a full fix.

On Twitter, Silvanovich posted brief details of these bugs along with some technical information and proof-of-concept code. However, information about one of them, CVE-2019-8641, is being kept private for now, since Apple has not yet resolved it and Project Zero's disclosure deadline has not yet passed.

According to Silvanovich's tweets, two of the bugs, CVE-2019-8647 and CVE-2019-8662, can be triggered remotely via iMessage, causing the receiving device to crash without any user interaction.
Another, CVE-2019-8660, allows attackers to remotely corrupt memory. All of these are remotely exploitable bugs and fall into the high-risk category.

Another bug, identified as CVE-2019-8646, is the most critical one: it enables undesired access to local files. Regarding this bug, the researchers say:
"The class _NSDataFileBackedFuture can be deserialized even if secure encoding is enabled. This class is a file-backed NSData object that loads a local file into memory when the [NSData bytes] selector is called. This presents two problems. First, it could potentially allow undesired access to local files if the code deserializing the buffer ever shares it (this is more likely to cause problems in components that use serialized objects to communicate locally than in iMessage). Second, it allows an NSData object to be created with a length that is different than the length of its byte array. This violates a very basic property that should always be true of NSData objects. This can allow out of bounds reads, and could also potentially lead to out-of-bounds writes, as it is now possible to create NSData objects with very large sizes that would not be possible if the buffer was backed."
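The invariant the researchers describe, that a data object's declared length must equal the size of the bytes actually backing it, is the kind of property a deserializer should enforce rather than trust. The following C program is an added illustration and is not code from Apple, Project Zero or the original article; the `data_obj` type, the four-byte length-prefixed wire format and all sample buffers are constructed for this example. It contrasts a trusting deserializer, which records whatever length the stream claims, with a checked one that rejects a mismatch, and shows a bounds-checked accessor that indexes against the real backing size rather than the declared length.

```c
#include <stdbool.h>
#include <stddef.h>
#include <stdint.h>
#include <stdio.h>

/* Hypothetical model of a deserialized byte-buffer object (assumption,
   not Apple's NSData layout): a length taken from the serialized stream
   plus a backing store whose real size is known independently. */
typedef struct {
    size_t declared_length;  /* length field read from the stream */
    size_t backing_size;     /* bytes actually present in the backing store */
    const uint8_t *bytes;    /* pointer to the backing store */
} data_obj;

/* Constructed wire format for this example:
   [4-byte little-endian declared length][payload bytes ...] */
static uint32_t read_le32(const uint8_t *p) {
    return (uint32_t)p[0] | ((uint32_t)p[1] << 8) |
           ((uint32_t)p[2] << 16) | ((uint32_t)p[3] << 24);
}

/* Trusting deserializer: accepts the declared length as-is, so the
   object can end up claiming far more bytes than it actually holds. */
bool deserialize_trusting(const uint8_t *buf, size_t buf_len, data_obj *out) {
    if (buf_len < 4) return false;
    out->declared_length = read_le32(buf);
    out->backing_size = buf_len - 4;
    out->bytes = buf + 4;
    return true;
}

/* The invariant every such object should satisfy after deserialization. */
bool invariant_holds(const data_obj *d) {
    return d->declared_length == d->backing_size;
}

/* Checked deserializer: same parsing, but a mismatch is a hard failure
   rather than a latent out-of-bounds read for later consumers. */
bool deserialize_checked(const uint8_t *buf, size_t buf_len, data_obj *out) {
    if (!deserialize_trusting(buf, buf_len, out)) return false;
    return invariant_holds(out);
}

/* Bounds-checked accessor keyed on the real backing size, never on the
   declared length. Returns the byte value, or -1 when out of range. */
int safe_byte_at(const data_obj *d, size_t index) {
    if (index >= d->backing_size) return -1;
    return d->bytes[index];
}

/* Constructed samples: one consistent object, one whose declared
   length (4096) is far larger than its four payload bytes. */
static const uint8_t CONSISTENT[] = {0x04, 0x00, 0x00, 0x00, 'a', 'b', 'c', 'd'};
static const uint8_t INFLATED[]   = {0x00, 0x10, 0x00, 0x00, 'a', 'b', 'c', 'd'};

int main(void) {
    data_obj d;
    if (deserialize_trusting(INFLATED, sizeof INFLATED, &d))
        printf("trusting: declared=%zu backing=%zu invariant=%s\n",
               d.declared_length, d.backing_size,
               invariant_holds(&d) ? "ok" : "VIOLATED");
    printf("checked(INFLATED)   -> %s\n",
           deserialize_checked(INFLATED, sizeof INFLATED, &d) ? "accepted" : "rejected");
    printf("checked(CONSISTENT) -> %s\n",
           deserialize_checked(CONSISTENT, sizeof CONSISTENT, &d) ? "accepted" : "rejected");
    printf("safe_byte_at(3)=%d safe_byte_at(4)=%d\n",
           safe_byte_at(&d, 3), safe_byte_at(&d, 4));
    return 0;
}
```

The useful defensive habit here is the second half: even where a deserializer cannot be changed, consumers that index with the backing size rather than the declared length do not turn a bad length field into an out-of-bounds read.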

Essentially, all five of these flaws could have been exploited without any interaction on the user's end. You can check the list of bugs, with descriptions and proof-of-concept code for each.

Apple fixed four of the five bugs in iOS 12.4, released last week, and will probably patch the final one in the coming days.
The published list of bugs also details how to reproduce the vulnerabilities with PoC code, so all iOS users are advised to update their devices to iOS 12.4 immediately.

Earlier this year, Project Zero revealed a high-severity flaw in the macOS kernel after Apple did not fix the issue within the allotted 90-day period.