If you own an iPhone, be aware that a new iMessage vulnerability has been recently found and patched by Apple. This was part of the iOS 12.4 update.
The flaw allowed hackers to access and read the contents of files stored on iOS devices remotely. They could access files the same way as the device owner with no sandbox, and with no user interaction needed.
In describing the issue itself, Silvanovich had this to say:
The issue was discovered by Natalie Silvanovich, who is a security researcher with Google’s Project Zero. As a proof of concept, she created a demo that only works on devices running iOS 12 or later. She describes it as “a simple example to demonstrate the reach-ability of the class in Springboard. The actual consequences of the bug are likely more serious.”
“First, it could potentially allow undesired access to local files if the code deserializing the buffer ever shares it (this is more likely to cause problems in components that use serialized objects to communicate locally than in iMessage). Second, it allows an NSData object to be created with a length that is different than the length of its byte array. This violates a very basic property that should always be true of NSData objects. This can allow out of bounds reads, and could also potentially lead to out-of-bounds writes, as it is now possible to create NSData objects with very large sizes that would not be possible if the buffer was backed.”
As mentioned, this bug has already been patched, along with two other iMessage vulnerabilities that Silvanovich recently discovered. All of them were addressed in Apple’s most recent (12.4) update. If you’re not in the habit of installing security updates automatically, then you’ll need to grab this one and install it manually at your earliest convenience.
