¹È¸èÐû²¼6¸öÖØ´óiOSÎó²îÇ徲ͨ¸æ

Ðû²¼Ê±¼ä 2019-07-31

? Îó²î±àºÅºÍ¼¶±ð


CVE±àºÅ£ºCVE-2019-8641£¬£¬£¬£¬£¬Î£ÏÕ¼¶±ð£ºÔÝÎÞ£¬£¬£¬£¬£¬CVSS·ÖÖµ£º¹Ù·½Î´ÆÀ¶¨
CVE±àºÅ£ºCVE-2019-8647£¬£¬£¬£¬£¬Î£ÏÕ¼¶±ð£º¸ßΣ£¬£¬£¬£¬£¬CVSS·ÖÖµ£º¹Ù·½Î´ÆÀ¶¨
CVE±àºÅ£ºCVE-2019-8660£¬£¬£¬£¬£¬Î£ÏÕ¼¶±ð£ºÖÐΣ£¬£¬£¬£¬£¬CVSS·ÖÖµ£º¹Ù·½Î´ÆÀ¶¨
CVE±àºÅ£ºCVE-2019-8662£¬£¬£¬£¬£¬Î£ÏÕ¼¶±ð£º¸ßΣ£¬£¬£¬£¬£¬CVSS·ÖÖµ£º¹Ù·½Î´ÆÀ¶¨
CVE±àºÅ£ºCVE-2019-8646£¬£¬£¬£¬£¬Î£ÏÕ¼¶±ð£º¸ßΣ£¬£¬£¬£¬£¬CVSS·ÖÖµ£º¹Ù·½Î´ÆÀ¶¨
CVE±àºÅ£ºCVE-2019-8624£¬£¬£¬£¬£¬Î£ÏÕ¼¶±ð£ºÖÐΣ£¬£¬£¬£¬£¬CVSS·ÖÖµ£º¹Ù·½Î´ÆÀ¶¨


Ó°Ïì°æ±¾


ÊÜÓ°ÏìµÄ°æ±¾


iOS < 12.4


Îó²î¸ÅÊö


¹È¸è Project Zero ÍŶӵÄÁ½ÃûÑо¿Ô±¹ûÕæÁË6¸ö¡°ÎÞ½»»¥¡±Çå¾²Îó²îÖеÄ5¸öÎó²îµÄÏêÇéºÍPoC¡£¡£¡£ËüÃÇÓ°ÏìiOS²Ù×÷ϵͳ£¬£¬£¬£¬£¬¿É¾­ÓÉ iMessage ¿Í»§¶ËʹÓᣡ£¡£


ÆäÖÐ4¸öÎó²î¿Éµ¼ÖÂÔÚÔ¶³Ì iOS ×°±¸ÉÏÖ´ÐжñÒâ´úÂ룬£¬£¬£¬£¬ÇÒÎÞÐèÓû§½»»¥¡£¡£¡£¹¥»÷ÕßÐèÒª×öµÄ¾ÍÊǽ«¶ñÒâÐÅÏ¢·¢ËÍÖÁÊܺ¦ÕßÊÖ»ú£¬£¬£¬£¬£¬Ò»µ©Óû§·­¿ª²¢Éó²éÊÕµ½µÄÏîÄ¿£¬£¬£¬£¬£¬¶ñÒâ´úÂë¾Í»áÖ´ÐС£¡£¡£Õâ4¸öÎó²îÊÇCVE-2019-8641£¨ÏêÇéδ¹ûÕ棩¡¢CVE-2019-8647¡¢CVE-2019-8660 ºÍ CVE-2019-8662¡£¡£¡£µÚ5¸öºÍµÚ6¸öÎó²îCVE-2019-8624ºÍCVE-2019-8646¿Éµ¼Ö¹¥»÷Õßй¶װ±¸ÄÚ´æÐÅÏ¢²¢¶ÁÈ¡Ô¶³Ì×°±¸Îļþ£¬£¬£¬£¬£¬ÇÒ¾ùÎÞÐèÓû§½»»¥¡£¡£¡£


Îó²îÐÅÏ¢ÈçÏ£º


CVE-2019-8647

¸ÃÎó²îÊÇÊͷźóʹÓÃÎó²î£¬£¬£¬£¬£¬±£´æÓÚiOSµÄCore Data¿ò¼ÜÖУ¬£¬£¬£¬£¬ÓÉÓÚʹÓÃNSArray initWithCoderÒªÁìʱ±¬·¢²»Çå¾²µÄ·´ÐòÁл¯£¬£¬£¬£¬£¬Òò´Ë¿Éµ¼ÖÂí§Òâ´úÂëÖ´ÐеÄЧ¹û¡£¡£¡£Ëü¿É¾­ÓÉ iMessage ¿Í»§¶ËÔ¶³Ì´¥·¢¡£¡£¡£


CVE-2019-8660

ËüÊDZ£´æÓÚ Core Data ¿ò¼ÜºÍ Siri ×é¼þÖеÄÄÚ´æËð»µÎÊÌ⣬£¬£¬£¬£¬ÈçÔâʹÓ㬣¬£¬£¬£¬¿Éµ¼ÖÂÔ¶³Ì¹¥»÷ÕßÒý·¢Ó¦ÓóÌÐòÒì³£ÖÕÖ¹»òí§Òâ´úÂëÖ´ÐеÄЧ¹û¡£¡£¡£


CVE-2019-8662

¸ÃÎó²îÀàËÆÓÚ CVE-2019-8647£¬£¬£¬£¬£¬±£´æÓÚ iOS µÄ QuickLook ×é¼þÖУ¬£¬£¬£¬£¬Ò²¿É¾­ÓÉ iMessage ¿Í»§¶ËÔ¶³Ì´¥·¢¡£¡£¡£


CVE-2019-8624

¸ÃÎó²î±£´æÓÚ watchOS µÄ Digital Touch ×é¼þÖУ¬£¬£¬£¬£¬Ó°Ïì Apple Watch Series 1¼°ºóÐø°æ±¾¡£¡£¡£Æ»¹ûÒÑÔÚ±¾ÔÂÐû²¼ watchOS 5.3 ½â¾öÁ˸ÃÎÊÌâ¡£¡£¡£


CVE-2019-8646

¸ÃÎó²îҲλÓÚ Siri ºÍ Core Data iOS ×é¼þÖУ¬£¬£¬£¬£¬¿Éµ¼Ö¹¥»÷ÕßÔÚÎÞÐèÓû§½»»¥µÄÇéÐÎÏÂÔ¶³Ì¶ÁÈ¡´æ´¢ÔÚ iOS ÉϵÄÎļþÄÚÈÝ£¬£¬£¬£¬£¬ÀýÈçÎÞɳÏäµÄÓû§ÊÖ»ú¡£¡£¡£


Îó²îÑéÖ¤


POC:


https://bugs.chromium.org/p/project-zero/issues/detail?id=1873
https://bugs.chromium.org/p/project-zero/issues/detail?id=1874
https://bugs.chromium.org/p/project-zero/issues/detail?id=1858
https://bugs.chromium.org/p/project-zero/issues/detail?id=1884

https://bugs.chromium.org/p/project-zero/issues/detail?id=1828


ÐÞ¸´½¨Òé


ËùÓеÄ6¸öÎó²îÒÑÓÚÉÏÖܼ´7ÔÂ22ÈÕÔÚÆ»¹ûÐû²¼µÄ iOS 12.4 °æ±¾ÖÐÐÞ¸´¡£¡£¡£ÆäÖÐ1¸öÎó²îµÄÏêÇ鲢δ¹ûÕ棬£¬£¬£¬£¬ÓÉÓÚiOS 12.4°æ±¾µÄ²¹¶¡²¢Î´ÍêÈ«ÐÞ¸´¸ÃÎÊÌâ¡£¡£¡£


²Î¿¼Á´½Ó


https://www.zdnet.com/article/google-researchers-disclose-vulnerabilities-for-interactionless-ios-attacks/