New Threat Research: Uncovering Adversarial LDAP Tradecraft

Read Threat Research


Apple iMessage Found to Have Vulnerability

iMessage, Apple’s instant messaging system was found to have an out-of-bounds issue being tracked as CVE-2019-8646. Apple claims to have patched the bug in iOS 12.4, but it seems as if a security researcher has proved this to claim to be untrue. Based on the researcher’s efforts, he claims the flaw resides in the application and is named “_NSDataFileBackedFuture.” If all steps are done correctly, an unauthorized party could have access to read files on the iPhone. Furthermore, the researcher states, “The class _NSDataFileBackedFuture can be deserialized even if the secure encoding is enabled. This class is a file-backed NSData object that loads a local file into memory when the [NSData bytes] selector is called.” This issue affects all iPhones model 5S and later, along with the iPad Air and 6th generation iPod Touch running on iOS 12 or later. A proof-of-concept was developed, and it recreated the issue.

Analyst Notes

Although the flaw was able to be exploited after an apparent patch, users should still download the latest version of iOS immediately as older versions are likely to be more vulnerable.