Back to Blog

Google Researchers Disclose PoCs for 4 Remotely Exploitable iOS Flaws

July 30, 2019

By: mirabiliscorp

Google’s cybersecurity researchers have finally disclosed details and proof-of-concept exploits for 4 out of 5 security vulnerabilities that could allow remote attackers to target Apple iOS devices just by sending a maliciously-crafted message over iMessage.

All the vulnerabilities, which required no user interaction, were responsibly reported to Apple by Samuel Groß and Natalie Silvanovich of Google Project Zero, which the company patched just last week with the release of the latest iOS 12.4 update.

Four of these vulnerabilities are “interactionless” use-after-free and memory corruption issues that could let remote attackers achieve arbitrary code execution on affected iOS devices.

However, researchers have yet released details and exploits for three of these four critical RCE vulnerabilities and kept one (CVE-2019-8641) private because the latest patch update did not completely address this issue.

The fifth vulnerability (CVE-2019-8646), an out-of-bounds read, can also be executed remotely by just sending a malformed message via iMessage. But instead of code execution, this bug allows an attacker to read the content of files stored on the victim’s iOS device through leaked memory.

Here below, you can find brief details, links to the security advisory, and PoC exploits for all four vulnerabilities:

More: https://thehackernews.com/2019/07/apple-ios-vulnerabilities.html?m=1

Contact us

Safety is essential to your decision making. We are sure that our team can clarify any doubts. After all, we understand security.

contact@sikur.com

Follow us

Try SIKUR





Contact Us
First Name*
Last Name*
E-mail*
Mobile Number*
Company*
Country*
Tell us what do you need* ?
Products: Hold CTRL+Click to add more than 1.* ?
Comments
I agree to the Privacy Policy and Terms of Service.