¹È¸èÐû²¼6¸öÖØ´óiOSÎó²îÇ徲ͨ¸æ

Ðû²¼Ê±¼ä 2019-07-31

? Îó²î±àºÅºÍ¼¶±ð


CVE±àºÅ£ºCVE-2019-8641£¬£¬£¬£¬Î£ÏÕ¼¶±ð£ºÔÝÎÞ£¬£¬£¬£¬CVSS·ÖÖµ£º¹Ù·½Î´ÆÀ¶¨
CVE±àºÅ£ºCVE-2019-8647£¬£¬£¬£¬Î£ÏÕ¼¶±ð£º¸ßΣ£¬£¬£¬£¬CVSS·ÖÖµ£º¹Ù·½Î´ÆÀ¶¨
CVE±àºÅ£ºCVE-2019-8660£¬£¬£¬£¬Î£ÏÕ¼¶±ð£ºÖÐΣ£¬£¬£¬£¬CVSS·ÖÖµ£º¹Ù·½Î´ÆÀ¶¨
CVE±àºÅ£ºCVE-2019-8662£¬£¬£¬£¬Î£ÏÕ¼¶±ð£º¸ßΣ£¬£¬£¬£¬CVSS·ÖÖµ£º¹Ù·½Î´ÆÀ¶¨
CVE±àºÅ£ºCVE-2019-8646£¬£¬£¬£¬Î£ÏÕ¼¶±ð£º¸ßΣ£¬£¬£¬£¬CVSS·ÖÖµ£º¹Ù·½Î´ÆÀ¶¨
CVE±àºÅ£ºCVE-2019-8624£¬£¬£¬£¬Î£ÏÕ¼¶±ð£ºÖÐΣ£¬£¬£¬£¬CVSS·ÖÖµ£º¹Ù·½Î´ÆÀ¶¨


Ó°Ïì°æ±¾


ÊÜÓ°ÏìµÄ°æ±¾


iOS < 12.4


Îó²î¸ÅÊö


¹È¸è Project Zero ÍŶӵÄÁ½ÃûÑо¿Ô±¹ûÕæÁË6¸ö¡°ÎÞ½»»¥¡±Çå¾²Îó²îÖеÄ5¸öÎó²îµÄÏêÇéºÍPoC¡£¡£ ¡£ËüÃÇÓ°ÏìiOS²Ù×÷ϵͳ£¬£¬£¬£¬¿É¾­ÓÉ iMessage ¿Í»§¶ËʹÓᣡ£ ¡£


ÆäÖÐ4¸öÎó²î¿Éµ¼ÖÂÔÚÔ¶³Ì iOS ×°±¸ÉÏÖ´ÐжñÒâ´úÂ룬£¬£¬£¬ÇÒÎÞÐèÓû§½»»¥¡£¡£ ¡£¹¥»÷ÕßÐèÒª×öµÄ¾ÍÊǽ«¶ñÒâÐÅÏ¢·¢ËÍÖÁÊܺ¦ÕßÊÖ»ú£¬£¬£¬£¬Ò»µ©Óû§·­¿ª²¢Éó²éÊÕµ½µÄÏîÄ¿£¬£¬£¬£¬¶ñÒâ´úÂë¾Í»áÖ´ÐС£¡£ ¡£Õâ4¸öÎó²îÊÇCVE-2019-8641£¨ÏêÇéδ¹ûÕ棩¡¢CVE-2019-8647¡¢CVE-2019-8660 ºÍ CVE-2019-8662¡£¡£ ¡£µÚ5¸öºÍµÚ6¸öÎó²îCVE-2019-8624ºÍCVE-2019-8646¿Éµ¼Ö¹¥»÷Õßй¶װ±¸ÄÚ´æÐÅÏ¢²¢¶ÁÈ¡Ô¶³Ì×°±¸Îļþ£¬£¬£¬£¬ÇÒ¾ùÎÞÐèÓû§½»»¥¡£¡£ ¡£


Îó²îÐÅÏ¢ÈçÏ£º


CVE-2019-8647

¸ÃÎó²îÊÇÊͷźóʹÓÃÎó²î£¬£¬£¬£¬±£´æÓÚiOSµÄCore Data¿ò¼ÜÖУ¬£¬£¬£¬ÓÉÓÚʹÓÃNSArray initWithCoderÒªÁìʱ±¬·¢²»Çå¾²µÄ·´ÐòÁл¯£¬£¬£¬£¬Òò´Ë¿Éµ¼ÖÂí§Òâ´úÂëÖ´ÐеÄЧ¹û¡£¡£ ¡£Ëü¿É¾­ÓÉ iMessage ¿Í»§¶ËÔ¶³Ì´¥·¢¡£¡£ ¡£


CVE-2019-8660

ËüÊDZ£´æÓÚ Core Data ¿ò¼ÜºÍ Siri ×é¼þÖеÄÄÚ´æËð»µÎÊÌ⣬£¬£¬£¬ÈçÔâʹÓ㬣¬£¬£¬¿Éµ¼ÖÂÔ¶³Ì¹¥»÷ÕßÒý·¢Ó¦ÓóÌÐòÒì³£ÖÕÖ¹»òí§Òâ´úÂëÖ´ÐеÄЧ¹û¡£¡£ ¡£


CVE-2019-8662

¸ÃÎó²îÀàËÆÓÚ CVE-2019-8647£¬£¬£¬£¬±£´æÓÚ iOS µÄ QuickLook ×é¼þÖУ¬£¬£¬£¬Ò²¿É¾­ÓÉ iMessage ¿Í»§¶ËÔ¶³Ì´¥·¢¡£¡£ ¡£


CVE-2019-8624

¸ÃÎó²î±£´æÓÚ watchOS µÄ Digital Touch ×é¼þÖУ¬£¬£¬£¬Ó°Ïì Apple Watch Series 1¼°ºóÐø°æ±¾¡£¡£ ¡£Æ»¹ûÒÑÔÚ±¾ÔÂÐû²¼ watchOS 5.3 ½â¾öÁ˸ÃÎÊÌâ¡£¡£ ¡£


CVE-2019-8646

¸ÃÎó²îҲλÓÚ Siri ºÍ Core Data iOS ×é¼þÖУ¬£¬£¬£¬¿Éµ¼Ö¹¥»÷ÕßÔÚÎÞÐèÓû§½»»¥µÄÇéÐÎÏÂÔ¶³Ì¶ÁÈ¡´æ´¢ÔÚ iOS ÉϵÄÎļþÄÚÈÝ£¬£¬£¬£¬ÀýÈçÎÞɳÏäµÄÓû§ÊÖ»ú¡£¡£ ¡£


Îó²îÑéÖ¤


POC:


https://bugs.chromium.org/p/project-zero/issues/detail?id=1873
https://bugs.chromium.org/p/project-zero/issues/detail?id=1874
https://bugs.chromium.org/p/project-zero/issues/detail?id=1858
https://bugs.chromium.org/p/project-zero/issues/detail?id=1884

https://bugs.chromium.org/p/project-zero/issues/detail?id=1828


ÐÞ¸´½¨Òé


ËùÓеÄ6¸öÎó²îÒÑÓÚÉÏÖܼ´7ÔÂ22ÈÕÔÚÆ»¹ûÐû²¼µÄ iOS 12.4 °æ±¾ÖÐÐÞ¸´¡£¡£ ¡£ÆäÖÐ1¸öÎó²îµÄÏêÇ鲢δ¹ûÕ棬£¬£¬£¬ÓÉÓÚiOS 12.4°æ±¾µÄ²¹¶¡²¢Î´ÍêÈ«ÐÞ¸´¸ÃÎÊÌâ¡£¡£ ¡£


²Î¿¼Á´½Ó


https://www.zdnet.com/article/google-researchers-disclose-vulnerabilities-for-interactionless-ios-attacks/