Vulnerability in Apple iMessage Allows Attackers to Read User Data on iPhones
- The vulnerability was patched by Apple in iOS 12.4, which was released last week.
- Tracked as CVE-2019-8646, the flaw is an out-of-bounds issue in the iMessage application.
Apple’s instant messaging service iMessage contains a major security flaw in the application. The bug, which is an out-of-bounds issue, was actually fixed by Apple in iOS 12.4. However, security researcher Natalie Silvanovich of Google Project Zero came across this flaw in iMessage despite it being patched.
According to Silvanovich, the issue stems from a class called ‘_NSDataFileBackedFuture’ in the application, which could allow access to read files on the iPhone.
- In a bug report, Silvanovich describes the issue in detail. “The class _NSDataFileBackedFuture can be deserialized even if secure encoding is enabled. This class is a file-backed NSData object that loads a local file into memory when the [NSData bytes] selector is called,” she told.
- Tracked as CVE-2019-8646, the flaw is an out-of-bounds reads issue which is also said to lead to out-of-bounds write errors. It impacts all iPhones starting from iPhone 5s and later as well as devices such as iPad Air and iPod touch 6th generation.
- The researcher also developed a proof-of-concept for the flaw that includes recreating the issue with files on the phone. However, Silvanovich mentions that it only works for iOS 12 or later.
Other bugs disclosed
Apart from CVE-2019-8646, Silvanovich also disclosed multiple bugs in the iMessage application. This includes a use-after-free issue (CVE-2019-8647), memory corruption bug (CVE-2019-8660) and another out-of-bounds read (CVE-2019-8624). However, all of these are fixed by Apple in iOS 12.4. As of now, the resurfaced out-of-bounds issue is yet to be resolved by Apple.