Project Zero Team Reveal Exploits for 'Interactionless' iOS Attacks

Giulio Saggin
Tuesday, 28 November 2023

The details and demo exploit code for five of six 'interactionless' vulnerabilities, which impact the iOS operating system and can be exploited via the iMessage client, have been published by Google's Project Zero team.

ZDNet reports that Natalie Silvanovich, one of the two Google Project Zero researchers behind the discovery, stated that "four of the six security bugs - CVE-2019-8641 (details kept private), CVE-2019-8647, CVE-2019-8660, and CVE-2019-8662 - can lead to the execution of malicious code on a remote iOS device, with no user interaction needed. All an attacker needs to do is to send a malformed message to a victim's phone, and the malicious code will execute once the user opens and views the received item."

The fifth and sixth bugs - CVE-2019-8624 and CVE-2019-8646 - can "allow an attacker to leak data from a device's memory and read files off a remote device, also with no user interaction."

All six security flaws were patched in Apple's iOS 12.4 release on July 22. The details of CVE-2019-8641 were kept private because Apple's iOS 12.4 patch did not completely resolve the bug.
