Google’s Project Zero has unveiled details of a bug in Apple’s iMessage that lets attackers read data from an iPhone without any user interaction.
The bug is one of four revealed by Project Zero researcher Natalie Silvanovich that Apple patched last week. Named CVE-2019-8646, it is classified with high severity. It allows attackers to read data from an iPhone without any user interaction and could also allow writing to out-of-bounds memory. Silvanovich provided proof-of-concept code that leaks bytes of memory from the targeted phone and displays it on an attacker’s remote machine.
CVE-2019-8647, also a high severity bug, crashes the iPhone’s Springboard home screen manager with no user interaction. That bug, along with the high severity CVE-2019-8660, could allow arbitrary code execution. CVE-2019-8660 would be difficult to exploit in practice, though, she added.
CVE-2019-8624, also ranked moderate, allows an attacker to crash Springboard without any interaction.
There’s one bug that Silvanovich is holding back on because she doesn’t believe that Apple has patched it properly. That’s CVE-2019-8641, which affects the iPhone 5s and later, along with all iPads since the Air and all iPods since generation six. It involves an out-of-bounds read, which allows remote attackers to cause unexpected application termination or arbitrary code execution.
In the patches that it released last week, Apple said it had fixed this issue by improving its input validation. The patch didn’t work, according to Silvanovich:
We are withholding CVE-2019-8641 until its deadline because the fix in the advisory did not resolve the vulnerability
— Natalie Silvanovich (@natashenka) July 29, 2019
Even though that patch apparently didn’t stick, it’s still worthwhile checking to ensure that you’ve installed all the other iMessage patches (along with all the other patches that Apple dropped last week). To do that, tap the Settings icon, then select Software Update. If there’s a patch waiting to be installed, it will let you initiate it. To be safe, if you’re downloading the patch over a Wi-Fi network to save on your data plan, always use a trusted network rather than a public one.
Silvanovich discovered another bug earlier this year. Classed as moderate, CVE-2019-8573 and CVE-2019-8664 bricks the iPhone with a malformed message. It stops the phone displaying the UI and responding to input, and it survives a hard reset, rendering the phone unusable until the user reboots into recovery mode and does a restore, which deletes all their data. She disclosed that one in early July 2019 after Apple patched it in iOS 12.3.
anonymous coward
Features, not bugs. These are designed by Apple to facilitate Chinese surveillance. How else to explain that a simple text message system can be so easily exploited by several methods?
The patches only come because they were discovered and Apple has a public image to maintain. Rest assured, there are more of these not yet discovered.
Anonymous
Text messaging systems are FAR from simple nowadays. This isn’t the first time a vuln like this been uncovered in an IM service (whether it be from shoddy Unicode implementations, protocol tampering, poor error handling, etc) and it certainly won’t be the last.
If Apple (or any other cloud provider) really wanted to “facilitate Chinese surveillance,” there are much easier and harder to detect approaches they could use, like simply sending off a stockpile of data that they keep in their datacenter.
Sometimes a bug is just a bug.
Nobody_Holme
Why does your paranoia pick China here, rather than the US, 5 eyes in general, Russia, “the establishment”, etc?
anonymous coward
That’s easy to answer, NH.
Apple is entirely dependent on China. Without China, Apple would have to develop their own manufacturing facilities in other, better paid countries, and have assembly factories there, too. Without China’s filthy mining practices providing Apple with inexpensive access to rare earth minerals, Apple would have to find other mineral markets. All this would take a tremendous amount out of their budget, lowering profit projections, and, in turn, slashing their stock price. So, it’s really simple, Apple is beholden to China. And China, being a total surveillance state, has the leverage to compel Apple to insert crap into their code. Perhaps even into their chips, as well.
No other country has more effect on Apple than China, especially and including the Five Eyes.