Google exposes a PoC iMessage vulnerability that access the iOS device files

malformed message iMessage

"iMessage Logo Design" by James Landing is licensed under CC BY-ND 4.0

The Google Project Zero team just released a proof-of-concept video of the iMessage vulnerability, confirming that the bug would allow an attacker to access files on an iOS device. At the Black Hat Security Conference held in Las Vegas earlier this month, the vulnerability has been discussed. Google followed the disclosure rules and notified Apple of this vulnerability (CVE-2019-8646) in May of this year, giving the company 90 days to fix it.

As part of the iOS 12.4 update, Apple did complete the patching of CVE-2019-8646 by the deadline for the disclosure of the vulnerability.

Now, Google’s Project Zero researcher Natalie Silvanovich, who discovered the vulnerability, has published a post that explains the technical principles behind it. Interested friends can check out the analysis here.

Via: mspoweruser