Multiple vulnerabilities in Apple iOS

Published: 2019-02-08 | Updated: 2019-02-11
Severity: High
Patch available: YES
Number of vulnerabilities: 4
CVE ID: CVE-2019-7287, CVE-2019-7286, CVE-2019-7288, CVE-2019-6223
CWE ID: CWE-119, CWE-264
Exploitation vector: Network
Public exploit: Vulnerability #1 is being exploited in the wild. Vulnerability #2 is being exploited in the wild.
Vulnerable software: Apple iOS
Vendor: Apple Inc.

Security Advisory

1) Privilege escalation

Severity: High

CVSSv3: 8.4 [CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:C/C:H/I:H/A:H/E:H/RL:O/RC:C] [PCI]

CVE-ID: CVE-2019-7287

CWE-ID: CWE-119 - Improper Restriction of Operations within the Bounds of a Memory Buffer

Description

The vulnerability allows a local attacker to gain elevated privileges.

The weakness exists due to a boundary error in the IOKit component when handling malicious input. A local attacker can run a specially crafted application, trigger memory corruption and execute arbitrary code with elevated privileges.

Successful exploitation of the vulnerability may result in system compromise.

Note: according to Ben Hawkes, team leader at Project Zero, the vulnerability has been exploited in the wild as a 0-day.

Mitigation

Update to version 12.1.4.

Vulnerable software versions

Apple iOS: 12.0, 12.0.1, 12.1, 12.1.1, 12.1.2, 12.1.3

External links

https://support.apple.com/en-us/HT209520

Q & A

Can this vulnerability be exploited remotely?

No. This vulnerability can be exploited locally. The attacker must have authentication credentials and successfully authenticate on the system.

Is there known malware that exploits this vulnerability?

Yes. This vulnerability is being exploited in the wild.

2) Memory corruption

Severity: High

CVSSv3: 7.5 [CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:H/RL:O/RC:C] [PCI]

CVE-ID: CVE-2019-7286

CWE-ID: CWE-119 - Improper Restriction of Operations within the Bounds of a Memory Buffer

Description

The vulnerability allows a local attacker to gain elevated privileges.

The weakness exists due to a boundary error in the Foundation component when handling malicious input. A local attacker can run a specially crafted application, trigger memory corruption and gain elevated privileges.

Note: according to Ben Hawkes, team leader at Project Zero, the vulnerability has been exploited in the wild as a 0-day.

Mitigation

Update to version 12.1.4.

Vulnerable software versions

Apple iOS: 12.0, 12.0.1, 12.1, 12.1.1, 12.1.2, 12.1.3

External links

https://support.apple.com/en-us/HT209520
https://twitter.com/benhawkes?ref_src=twsrc%5Etfw%7Ctwcamp%5Etweetembed%7Ctwterm%5E10935817379242598...

Q & A

Can this vulnerability be exploited remotely?

No. This vulnerability can be exploited locally. The attacker must have authentication credentials and successfully authenticate on the system.

Is there known malware that exploits this vulnerability?

Yes. This vulnerability is being exploited in the wild.

3) Security restrictions bypass

Severity: Low

CVSSv3: 6.4 [CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:L/E:U/RL:O/RC:C] [PCI]

CVE-ID: CVE-2019-7288

CWE-ID: CWE-264 - Permissions, Privileges, and Access Controls

Description

The vulnerability allows a remote attacker to bypass security restrictions.

The weakness exists due to improper validation on the FaceTime server. A remote attacker can cause an error in Live Photos in FaceTime and bypass security restrictions.

Mitigation

Update to version 12.1.4.

Vulnerable software versions

Apple iOS: 12.0, 12.0.1, 12.1, 12.1.1, 12.1.2, 12.1.3

External links

https://support.apple.com/en-us/HT209520

Q & A

Can this vulnerability be exploited remotely?

Yes. This vulnerability can be exploited by a remote non-authenticated attacker via the Internet.

Is there known malware that exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability.

4) Security restrictions bypass

Severity: Low

CVSSv3: 4.9 [CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:U/C:L/I:L/A:L/E:U/RL:O/RC:C] [PCI]

CVE-ID: CVE-2019-6223

CWE-ID: CWE-264 - Permissions, Privileges, and Access Controls

Description

The vulnerability allows a remote attacker to bypass security restrictions.

The weakness exists due to a logic issue in the handling of Group FaceTime calls. A remote attacker who is the initiator of a Group FaceTime call can cause the recipient to answer.

Mitigation

Update to version 12.1.4.

Vulnerable software versions

Apple iOS: 12.0, 12.0.1, 12.1, 12.1.1, 12.1.2, 12.1.3

External links

https://support.apple.com/en-us/HT209520

Q & A

Can this vulnerability be exploited remotely?

Yes. This vulnerability can be exploited by a remote non-authenticated attacker via the Internet.

Is there known malware that exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability.