Apple iMessage Flaw Lets Remote Attackers Read Files on iPhone (Jul 29, 2019)
A vulnerability affecting Apple iMessage has been identified by Google’s Project Zero researchers. The vulnerability, registered as, “CVE-2019-8646” could allow attackers to remotely read the contents of files stored on iOS devices. A security update was issued on July 22, along with patches for a memory vulnerability, “CVE-2019-8660” and “CVE-2019-8647” that could allow remote code execution on various iOS devices.
Recommendation: iOS users who are not subscribed to automatic updates should apply the update as soon as possible due to the possibility for an actor to take control of an affected system.
Indicators of Compromise (IOCs) associated with this story can be viewed by ThreatStream users here to identify potential malicious activity.