Remote iPhone Exploitation Part 1: Poking Memory via iMessage and CVE-2019-8641 (Jan 9, 2019)
The Project Zero team at Google has detailed a vulnerability in iMessage that can be exploited remotely to activate the camera and microphone, as well as steal emails, passwords, and text messages. The vulnerability (CVE-2019-8641) affects iOS 12.4 and allows a remote actor to cause unexpected application termination or arbitrary code execution. Apple issued a patch in August 2019, but users who are still running iOS 12.4 remain vulnerable to this type of attack. Researcher Samuel Gross demonstrated weaknesses in address space layout randomization (ASLR), a security feature in the iPhone operating system that randomizes where code and data are placed in memory, abusing the “receipts” feature in iMessage to accomplish remote code execution.
Recommendation: Apple issued a patch for the CVE-2019-8641 vulnerability in August 2019. All mobile device users should have updates installed automatically, so that critical patches are not forgotten or delayed once they are available. While highlighting new security measures for Apple, Gross also suggests, “as much code as possible should be put behind user interaction, in particular when receiving messages from unknown senders.”