Google은 쉽게 악용 될수있는 6 개의 iOS 버그를 발견했습니다.

ment 7/31 '19 posted 뉴스 IT

• 버그를 발견하여 보고한 Google Project Zero의 2 명의 연구자 중 한 명인 Natalie Silvanovich에 따르면, Apple의 iOS 12.4 패치가 버그를 완전히 해결하지 못했기 때문에 "상호 작용없는" 취약점 중 하나에 대한 세부 사항은 공개되지 않았습니다.

• 다섯 번째 및 여섯 번째 버그 (CVE-2019-8624 및 CVE-2019-8646)는 침입자가 장치의 메모리에서 데이터를 유출하고 원격 장치에서 파일을 읽을 수있게 해줍니다. 사용자의 조작없이도.

• 그 중 4 개 (CVE-2019-8647, CVE-2019-8660 및 CVE-2019-8662) 공격자가 그것이 열리는 즉시 실행될 수있는 악성 코드가 포함 된 메시지를 보내는 것과 관련이 있습니다.

• 즉, 장치를 악용하기 위해, 사용자 측에서 아무것도 할 필요가 없습니다.

• Zerodium가 공표한 가격 차트에 따르면, 암시장에서 판매된 경우 이러한 취약점으로 인해 100 만 달러를 훨씬 넘는 돈이 버그 헌터에게 갈 수 있습니다.

• Silvanovich가 막 5 백만 달러 이상의 가치가 있는 공격에 대한 세부 사항을 발표했으며, 약 1 천만 달러 상당의 가능성이 있다고 말하는 것은 과장이 아닐 것입니다.

Google discovered six iOS bugs that could have been easily exploited [www.imore.com]

Google Finds iMessage Bug That Exposes Files on an iPhone [news.softpedia.com]

Six critical vulnerabilities found in iMessage - update to iOS 12.4 now [www.kaspersky.com]

Google's Project Zero found six iPhone 'interactionless' vulnerabilities [www.techspot.com]

Google researchers disclose vulnerabilities for 'interactionless' iOS attacks [www.zdnet.com]

Six serious 'zero interaction' vulnerabilities found in iOS [9to5mac.com]

Apple iMessage Flaw Allows Remote Attackers to Read iPhone Messages [threatpost.com]

newest replies popular replies

Open Wiki - Feel free to edit it. -

7/31 '19 answered

Update to iOS 12.4 right away https://t.co/jrwjQJjJ2p pic.twitter.com/rXNSlEVgOR
— CSPF (@CyberSecurityPr) July 30, 2019

애플 iOS에서 사용자가 링크를 누르거나 파일을 여는 등의 아무 조작을 하지 않아도 원격으로 정보를 유출시킬 수 있는 보안 취약점이 최근 다수 발견되었다는 뉴스 https://t.co/PRE2OywT63 대부분은 iOS 12.4로 패치되었지만 1개는 아직 완전히 패치된 것은 아니라고...
— H. Kim (@metavital) July 30, 2019

Google researchers disclose vulnerabilities for 'interactionless' iOS attacks | ZDNet https://t.co/KZCE8I7vwV @robmay70 @archonsec @ChuckDBrooks @mclynd @DrJDrooghaag @AlaricAloor @Shirastweet @clarinette02 @MHcommunicate @m49D4ch3lly @mirko_ross @envescent
— Philippe Vynckier (@PVynckier) July 30, 2019

Remote exploitation can be achieved with no user interaction. #cybersecurity #infosec https://t.co/EfoUVxntow
— Ronald van der Meer (@ronaldvdmeer) July 30, 2019

permanent link

Open Wiki - Feel free to edit it. -

7/31 '19 answered

Google은 쉽게 악용 될수있는 6 개의 iOS 버그를 발견했습니다. https://t.co/ROI6WkTZT0
• 다섯 번째 및 여섯 번째 버그 (CVE-2019-8624 및 CVE-2019-8646)는 침입자가 장치의 메모리에서 데이터를 유출하고 원격 장치에서 파일을 읽을 수있게 해줍니다. 사용자의 조작없이도.
— editoy (@editoy) July 31, 2019

Six severe vulnerabilities in iMessage that allow remote code execution and data stealing with no user interaction? Sounds like a good reason to update to iOS 12.4 as soon as possible. https://t.co/hiXbC54MzF via @InfoSecHotSpot pic.twitter.com/UlnyWP5ci8
— Sean Harris (@InfoSecHotSpot) July 30, 2019

Google researchers disclose vulnerabilities for 'interactionless' iOS attacks https://t.co/6Q5q8xgzk7 #Cybersecurity #cybercrime #cyberattacks #hacker #hack #breach #phishing #dos #ransomware #malware #virus #apt #pii #nist #fcc #finra #hipaa #pci pic.twitter.com/W9dXYHeWiy
— Rich Tehrani (@rtehrani) July 30, 2019

These vulnerabilities are nearly as bad as it gets. As far as I can tell two are run-of-the-mill bounds checking errors and the other ones are problems with complicated, open-ended deserialization. "Good coders can write safe C" seems more wrong every day. https://t.co/KOZmEkRUc4
— Stephen Judkins (@stephenjudkins) July 30, 2019

Two members of Project Zero, Google's elite bug-hunting team, have published details and demo proof-of-concept code for five of six "interactionless" security bugs that impact the iOS operating system and can be exploited via the iMessage client.
https://t.co/YSlgffd0lV
— wilderko (@wilderko) July 30, 2019

Apple iMessage Flaw Allows Remote Attackers to Read iPhone Messages
Remote exploitation can be achieved with no user interaction.https://t.co/r7YpgiC2JO
— ReIncarnatedET (@ReIncarnatedET) July 31, 2019

Apple iMessage Flaw Allows Remote Attackers to Read iPhone Messages: https://t.co/lhKKgzm85G via @threatpost
— Eyes On Q ?? (@EyesOnQ) July 31, 2019

Apple iMessage Flaw Allows Remote Attackers to Read iPhone Messages: https://t.co/iFV0V46VYf
— The Cyber Security Hub (@TheCyberSecHub) July 30, 2019

Remote exploitation can be achieved with no user interaction. https://t.co/d2nTV6SEO6 via @InfoSecHotSpot pic.twitter.com/l7b2vm7Hxq
— Sean Harris (@InfoSecHotSpot) July 30, 2019

#google project zero discovers Five bugs in #Apple iMessage for the #iPhone that require no user interaction to #Exploit, one allows remote #hackers to access content stored on #iOS devices https://t.co/jKc7uIFckI
— HackerStorm (@hackerstorm) July 30, 2019

permanent link

Featured

Important Notice: Discontinuation of Our Wiki Service

Dear Valued Users,

We hope this message finds you well. We are writing to inform you of an important upcoming change to our services. After careful consideration and analysis, we have made the difficult decision to discontinue our wiki site, effective one month from 2024/04/30.

This was not an easy decision to make, as we understand the importance of the resources and community that have been built around our wiki. However, due to evolving market conditions and strategic realignments, we must redirect our resources and efforts towards other ventures that will allow us to serve you better in the future.

What This Means for You:

Access to Content: You will continue to have full access to all content on the wiki until the discontinuation date. We encourage you to save or migrate any content you wish to retain.
Final Date of Service: The wiki will become inaccessible starting 1st June 2024, after which all content will be permanently removed.

We are immensely grateful for the support and contributions of our user community throughout the years. The wiki is being retired, but our team will be back soon with new services and apps.

Thank you for being a part of our journey.

Warm regards,

editoy Inc.

Related

Featured