30 July 19, 15:50
(This post was last modified: 30 July 19, 15:52 by silversurfer.)
Quote:A Google security engineer discovered a critical bug in Apple’s iMessage platform that allowed an attacker to obtain access to data stored on an iPhone.
Natalie Silvanovich, security researcher and part of the Google Project Zero team, says they discovered a total of five different bugs in iMessage.
All of them have already been reported to Apple and are subject to a 90-day disclosure policy, as per the Project Zero program. According to the researcher, the five issues are the following:The iMessage bug, which can be reproduced using the instructions on the page linked above, was reported to Apple back in May. The company included a patch in iOS 12.4, so iPhone users are recommended to install the new software update as soon as possible.
- CVE-2019-8647 - remote, interactionless use-after-free
- CVE-2019-8662 - similar to CVE-2019-8647
- CVE-2019-8660 - remote, interactionless memory corruption
- CVE-2019-8646 - allows an attacker to read files off a remote device with no user interaction, as user mobile with no sandbox
- CVE-2019-8641 - still private, as fix not yet available
SOURCE: https://news.softpedia.com/news/google-f...6878.shtml
![[-]](https://www.geeks.fyi/images/collapse.png)
