Main Vulnerability Database Vulnerabilities #VU27193

#VU27193 Out-of-bounds write in Apple iOS

Published: April 22, 2020

Vulnerability identifier: #VU27193

Vulnerability risk: Critical

CVSSv4.0: CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N/E:A/U:Red

CVE-ID: N/A

CWE-ID: CWE-787

Exploitation vector: Remote access

Exploit availability: The vulnerability is being exploited in the wild

Vulnerable software:
Apple iOS

Software vendor:
Apple Inc.

Description

The vulnerability allows a remote attacker to compromise vulnerable system.

The vulnerability exists due to a boundary error when processing email in the iOS MobileMail. A remote attacker can send a specially crafted email message, trigger an out-of-bounds write and execute arbitrary code on the target system. No user interaction is required to execute arbitrary code.

Note, this vulnerability is being actively exploited in the wild.

Remediation

Cybersecurity Help is currently unaware of any official solution to address this vulnerability.

External links

https://blog.zecops.com/vulnerabilities/unassisted-ios-attacks-via-mobilemail-maild-in-the-wild/

#VU27193 Out-of-bounds write in Apple iOS

Description

Remediation

External links

Please verify you're human