Security Advisory: Google Discloses 6 Major iOS Vulnerabilities

Published: 2019-07-31

Vulnerability IDs and severity


CVE ID: CVE-2019-8641, Severity: not available, CVSS score: not officially rated
CVE ID: CVE-2019-8647, Severity: High, CVSS score: not officially rated
CVE ID: CVE-2019-8660, Severity: Medium, CVSS score: not officially rated
CVE ID: CVE-2019-8662, Severity: High, CVSS score: not officially rated
CVE ID: CVE-2019-8646, Severity: High, CVSS score: not officially rated
CVE ID: CVE-2019-8624, Severity: Medium, CVSS score: not officially rated


Affected versions


iOS < 12.4


Vulnerability overview


Two researchers from Google's Project Zero team have published details and PoCs for 5 of 6 "interactionless" security vulnerabilities. They affect the iOS operating system and can be exploited through the iMessage client.


Four of the vulnerabilities can lead to execution of malicious code on a remote iOS device without user interaction. All an attacker needs to do is send a malicious message to the victim's phone; once the user opens and views the received item, the malicious code executes. These four vulnerabilities are CVE-2019-8641 (details not disclosed), CVE-2019-8647, CVE-2019-8660 and CVE-2019-8662. The fifth and sixth vulnerabilities, CVE-2019-8624 and CVE-2019-8646, allow an attacker to leak device memory and read files from the remote device, in both cases without user interaction.


Details of the vulnerabilities are as follows:


CVE-2019-8647

This is a use-after-free vulnerability in the iOS Core Data framework. Unsafe deserialization when the NSArray initWithCoder method is used can lead to arbitrary code execution. It can be triggered remotely through the iMessage client.


CVE-2019-8660

This is a memory corruption issue in the Core Data framework and the Siri component. If exploited, it allows a remote attacker to cause unexpected application termination or arbitrary code execution.


CVE-2019-8662

This vulnerability is similar to CVE-2019-8647. It resides in the iOS QuickLook component and can also be triggered remotely through the iMessage client.


CVE-2019-8624

This vulnerability resides in the Digital Touch component of watchOS and affects Apple Watch Series 1 and later. Apple addressed the issue this month with the release of watchOS 5.3.


CVE-2019-8646

This vulnerability also resides in the Siri and Core Data iOS components. It allows an attacker to remotely read the contents of files stored on iOS without user interaction, for example on a user's phone with no sandbox.


Vulnerability verification


POC:


https://bugs.chromium.org/p/project-zero/issues/detail?id=1873
https://bugs.chromium.org/p/project-zero/issues/detail?id=1874
https://bugs.chromium.org/p/project-zero/issues/detail?id=1858
https://bugs.chromium.org/p/project-zero/issues/detail?id=1884

https://bugs.chromium.org/p/project-zero/issues/detail?id=1828


Remediation advice


All 6 vulnerabilities were fixed in iOS 12.4, which Apple released last week on July 22. Details of 1 of the vulnerabilities have not been disclosed, because the iOS 12.4 patch did not completely fix the issue.
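
To act on the fixed versions named above (iOS 12.4, watchOS 5.3), the following added example, which is not part of the original advisory, triages a device inventory and lists which of this advisory's CVEs each device is still exposed to. The inventory rows, function names and status labels are assumptions made for illustration; versions are compared numerically so that a value such as 12.10 is not mistaken for something older than 12.4.

```python
import re

# Fixed releases as stated in the advisory above.
FIXED = {"iOS": (12, 4), "watchOS": (5, 3)}
# CVEs the advisory attributes to each platform.
CVES = {
    "iOS": ["CVE-2019-8641", "CVE-2019-8647", "CVE-2019-8660",
            "CVE-2019-8662", "CVE-2019-8646", "CVE-2019-8624"],
    "watchOS": ["CVE-2019-8624"],
}
# The advisory says the iOS 12.4 patch did not completely fix this one.
INCOMPLETE_FIX = {"iOS": ["CVE-2019-8641"]}

def parse_version(text):
    """'12.3.1' -> (12, 3, 1); parts compare as integers, not strings."""
    text = text.strip()
    if not re.fullmatch(r"\d+(\.\d+)*", text):
        raise ValueError(f"unparseable OS version: {text!r}")
    return tuple(int(part) for part in text.split("."))

def assess(platform, version):
    """Return (status, cves_to_track) for one device."""
    if platform not in FIXED:
        return ("not-covered", [])
    try:
        v = parse_version(version)
    except ValueError:
        # Bad inventory data: treat as exposed until a person verifies it.
        return ("unknown-version", CVES[platform])
    if v < FIXED[platform]:
        return ("update-required", CVES[platform])
    residual = INCOMPLETE_FIX.get(platform, [])
    return ("patched-with-residual" if residual else "patched", residual)

INVENTORY = [  # constructed sample rows: (device, platform, os_version)
    ("phone-01", "iOS", "12.3.1"),
    ("phone-02", "iOS", "12.4"),
    ("phone-03", "iOS", "12.10"),   # constructed value to exercise numeric compare
    ("watch-01", "watchOS", "5.2.1"),
    ("watch-02", "watchOS", "5.3"),
    ("phone-04", "iOS", "12.x"),    # malformed on purpose
]

def triage(inventory):
    return {dev: assess(plat, ver) for dev, plat, ver in inventory}

if __name__ == "__main__":
    for dev, (status, cves) in triage(INVENTORY).items():
        print(f"{dev:9} {status:22} {', '.join(cves)}")
```

The advisory names no release that completes the CVE-2019-8641 fix, so the example keeps that CVE on the tracking list for every iOS device at 12.4 or later.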


Reference links


https://www.zdnet.com/article/google-researchers-disclose-vulnerabilities-for-interactionless-ios-attacks/