Google Project Zero hackers disclose details and PoCs for 4 iOS RCE flaws

Security experts at Google disclosed details and proof-of-concept exploit codes for 4 out of 5 security vulnerabilities in Apple iOS.

Researchers at Google disclosed details and proof-of-concept exploit codes for 4 out of 5 security vulnerabilities in Apple iOS that could be exploited by attackers to hack Apple devices by sending a specially-crafted message over iMessage. The vulnerabilities required no user interaction to be exploited.

The flaws were reported by Google Project zero white hat hackers Samuel Groß and Natalie Silvanovich. Below the list of the flaws:

CVE-2019-8647 is a use-after-free flaw that resides in the Core Data framework that can cause arbitrary code execution due to insecure deserialization when the NSArray initWithCoder method is used. This flaw can be exploited remotely via iMessage and crash Springboard without any user interaction.
CVE-2019-8662 is a use-after-free flaw that resides in the QuickLook component of iOS, this flaw can be exploited remotely via iMessage without any user interaction.
CVE-2019-8660 is a memory corruption issue that resides in Core Data framework and Siri component. The flaw could be exploited by remote attackers to cause an unexpected application termination or to get arbitrary code execution. “This issue would likely be fairly difficult to exploit due to the uncontrolled nature of these copies.”
CVE-2019-8646 resides in the Siri and Core Data iOS components, it could be exploited by an attacker to read the content of files stored on iOS devices remotely without user interactions.

Google researchers did not disclose details for one these flaws, tracked as CVE-2019-8641, because the Apple iOS update patch did not completely address the flaw.

Apple addressed the vulnerabilities with the release of the latest iOS 12.4 update.

The other flaw, tracked as CVE-2019-8646, is an out-of-bounds read that can be exploited by a remote attacker to read files stored on the target’s device. The flaw could be exploited by just sending a specially-crafted message via iMessage.

Last week, Silvanovich also released details and a PoC exploit for another out-of-bounds read vulnerability, tracked as CVE-2019-8624, that could be exploited by remote attackers to leak memory and read files from the target devices.

The CVE-2019-8624 flaw resides in Digital Touch component of watchOS and affects Apple Watch Series 1 and later. Apple addressed the flaw with the release of watchOS 5.3.

[adrotate banner=”9″]

[adrotate banner=”12″]

Pierluigi Paganini

(SecurityAffairs – Apple iOS, hacking)

[adrotate banner=”5″]

[adrotate banner=”13″]

Pierluigi Paganini

Pierluigi Paganini is member of the ENISA (European Union Agency for Network and Information Security) Threat Landscape Stakeholder Group and Cyber G7 Group, he is also a Security Evangelist, Security Analyst and Freelance Writer. Editor-in-Chief at "Cyber Defense Magazine", Pierluigi is a cyber security expert with over 20 years experience in the field, he is Certified Ethical Hacker at EC Council in London. The passion for writing and a strong belief that security is founded on sharing and awareness led Pierluigi to find the security blog "Security Affairs" recently named a Top National Security Resource for US. Pierluigi is a member of the "The Hacker News" team and he is a writer for some major publications in the field such as Cyber War Zone, ICTTF, Infosec Island, Infosec Institute, The Hacker News Magazine and for many other Security magazines. Author of the Books "The Deep Dark Web" and “Digital Virtual Currency and Bitcoin”.