Techunzipped News

iPhone Users Urged To Update Immediately

Google’s elite phone bug-hunting team has exposed six ‘interactionless’ security flaws in iPhones.

The flaws were patched in an update released by Apple last week, but phones still running the old operating system remain exposed.

All of the vulnerabilities, which require no user interaction, were responsibly reported to Apple by Samuel Groß and Natalie Silvanovich of Google Project Zero, and the company patched them just last week with the release of the latest iOS 12.4 update.

One flaw was omitted because Apple’s iOS 12.4 patch didn’t completely resolve it, according to Natalie Silvanovich, one of Google’s researchers.

Silvanovich says four of the six security bugs allow malicious code to run on iPhones with no user interaction needed.

Project Zero released findings and details of the flaws in a series of blog posts.

Apple has responded by releasing a new iOS patch which fixes five of the six bugs, with users urged to immediately install it.

Below, you can find brief details, links to the security advisory, and PoC exploits for all four vulnerabilities:

  • CVE-2019-8647 (RCE via iMessage) — This is a use-after-free vulnerability in the Core Data framework of iOS that can lead to arbitrary code execution due to insecure deserialization when the NSArray initWithCoder method is used.
  • CVE-2019-8662 (RCE via iMessage) — This flaw is similar to the use-after-free vulnerability above and resides in the QuickLook component of iOS; it can also be triggered remotely via iMessage.
  • CVE-2019-8660 (RCE via iMessage) — This is a memory corruption issue in the Core Data framework and Siri component which, if exploited successfully, could allow remote attackers to cause unexpected application termination or arbitrary code execution.
  • CVE-2019-8646 (File Read via iMessage) — This flaw, which also resides in the Siri and Core Data iOS components, could allow an attacker to read the content of files stored on iOS devices remotely without user interaction, as the user mobile with no sandbox.

Pardon has been a technology enthusiast his entire life and has spent the better part of the last decades in information technology and security, and he writes with an aim to remove some of the "mysticism" from the cyber world. He’s the Editor at Techunzipped. Away from the keyboard, you're likely to find him playing with the latest gadgets or the latest game.
