Vulnerability in iOS 12 allows attackers to retrieve files from Apple devices without user interaction

Reference: Advisory #2019-019
Version: 1.0
Affected software: iOS 12 (>12.4)
Type: Remote data exfiltration
CVE/CVSS: unrated

Sources

Risks

Remote data exfiltration without user interaction.

Description

An attacker can send a specially crafted iMessage to a vulnerable Apple iOS device, resulting in remote data access. This creates privacy risks, such as having your photos, text messages, etc. leaked on the public internet. We advise patching your iOS device(s) now.

Analysis

The issue is caused by the _NSDataFileBackedFuture class, which can be deserialized even if secure encoding is enabled. This leads to two major problems:

- Arbitrary access to local files is allowed if the code deserializing the buffer shares memory with it.

- An NSData object can be created whose length does not match the length of its byte array, leading to remote reads (and potentially write operations).

These problems could, for example, allow the SMS database or binary files (like images) to be exfiltrated without user interaction.
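The second problem above comes down to trusting a length supplied in the message over the real size of the bytes behind the object. The following is an added example, not code from Apple or CERT.be: a simplified C model of the check a decoder needs, in which the `decoded_data` struct, the status codes and both function names are hypothetical.

```c
#include <stddef.h>
#include <stdint.h>
#include <stdio.h>
#include <string.h>

/* Simplified model (an assumption, not Apple's implementation): the decoded
 * object carries a length claimed by the sender, while the bytes come from a
 * backing store whose real size is only known once it is resolved. */
typedef struct {
    size_t claimed_len;      /* taken from the untrusted message */
    const uint8_t *backing;  /* bytes actually available */
    size_t backing_len;      /* real size of the backing store */
} decoded_data;

typedef enum { DATA_OK, DATA_LEN_MISMATCH, DATA_RANGE, DATA_ARG } data_status;

/* Refuse the object unless the claimed length equals the real size. */
data_status data_validate(const decoded_data *d) {
    if (d == NULL || (d->backing == NULL && d->backing_len != 0))
        return DATA_ARG;
    return d->claimed_len == d->backing_len ? DATA_OK : DATA_LEN_MISMATCH;
}

/* Copy n bytes from offset off; the range is checked against the real size
 * with overflow-safe arithmetic, never against the claimed length. */
data_status data_read(const decoded_data *d, size_t off, size_t n, uint8_t *out) {
    data_status s = data_validate(d);
    if (s != DATA_OK) return s;
    if (out == NULL) return DATA_ARG;
    if (off > d->backing_len || n > d->backing_len - off) return DATA_RANGE;
    if (n > 0) memcpy(out, d->backing + off, n);
    return DATA_OK;
}

int main(void) {
    static const uint8_t sample[8] = {1, 2, 3, 4, 5, 6, 7, 8}; /* constructed */
    uint8_t buf[8];
    decoded_data honest = { 8, sample, 8 };
    decoded_data forged = { 4096, sample, 8 }; /* claims more than exists */
    printf("honest: %d\n", data_read(&honest, 0, 8, buf));
    printf("forged: %d\n", data_read(&forged, 0, 8, buf));
    return 0;
}
```

The forged object is rejected before any byte is copied, so a reader that sizes its buffers from the claimed length never runs.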

Recommended Actions

CERT.be recommends that all users of Apple iOS devices upgrade their devices to the latest version of iOS today.

Remark: Only iPhone models 5s and later, iPad Air (and later iPad models), and iPod Touch 6th generation and later are able to run iOS 12. This vulnerability only exists in iOS 12.

References

https://support.apple.com/en-us/HT210346