¹È¸èÐû²¼6¸öÖØ´óiOSÎó²îÇ徲ͨ¸æ

Ðû²¼Ê±¼ä 2019-07-31

? Îó²î±àºÅºÍ¼¶±ð


CVE±àºÅ£ºCVE-2019-8641£¬£¬Î£ÏÕ¼¶±ð£ºÔÝÎÞ£¬£¬CVSS·ÖÖµ£º¹Ù·½Î´ÆÀ¶¨
CVE±àºÅ£ºCVE-2019-8647£¬£¬Î£ÏÕ¼¶±ð£º¸ßΣ£¬£¬CVSS·ÖÖµ£º¹Ù·½Î´ÆÀ¶¨
CVE±àºÅ£ºCVE-2019-8660£¬£¬Î£ÏÕ¼¶±ð£ºÖÐΣ£¬£¬CVSS·ÖÖµ£º¹Ù·½Î´ÆÀ¶¨
CVE±àºÅ£ºCVE-2019-8662£¬£¬Î£ÏÕ¼¶±ð£º¸ßΣ£¬£¬CVSS·ÖÖµ£º¹Ù·½Î´ÆÀ¶¨
CVE±àºÅ£ºCVE-2019-8646£¬£¬Î£ÏÕ¼¶±ð£º¸ßΣ£¬£¬CVSS·ÖÖµ£º¹Ù·½Î´ÆÀ¶¨
CVE±àºÅ£ºCVE-2019-8624£¬£¬Î£ÏÕ¼¶±ð£ºÖÐΣ£¬£¬CVSS·ÖÖµ£º¹Ù·½Î´ÆÀ¶¨


Ó°Ïì°æ±¾


ÊÜÓ°ÏìµÄ°æ±¾


iOS < 12.4


Îó²î¸ÅÊö


¹È¸è Project Zero ÍŶӵÄÁ½ÃûÑо¿Ô±¹ûÕæÁË6¸ö¡°ÎÞ½»»¥¡±Çå¾²Îó²îÖеÄ5¸öÎó²îµÄÏêÇéºÍPoC¡£¡£¡£¡£¡£ËüÃÇÓ°ÏìiOS²Ù×÷ϵͳ£¬£¬¿É¾­ÓÉ iMessage ¿Í»§¶ËʹÓᣡ£¡£¡£¡£


ÆäÖÐ4¸öÎó²î¿Éµ¼ÖÂÔÚÔ¶³Ì iOS ×°±¸ÉÏÖ´ÐжñÒâ´úÂ룬£¬ÇÒÎÞÐèÓû§½»»¥¡£¡£¡£¡£¡£¹¥»÷ÕßÐèÒª×öµÄ¾ÍÊǽ«¶ñÒâÐÅÏ¢·¢ËÍÖÁÊܺ¦ÕßÊÖ»ú£¬£¬Ò»µ©Óû§·­¿ª²¢Éó²éÊÕµ½µÄÏîÄ¿£¬£¬¶ñÒâ´úÂë¾Í»áÖ´ÐС£¡£¡£¡£¡£Õâ4¸öÎó²îÊÇCVE-2019-8641£¨ÏêÇéδ¹ûÕ棩¡¢CVE-2019-8647¡¢CVE-2019-8660 ºÍ CVE-2019-8662¡£¡£¡£¡£¡£µÚ5¸öºÍµÚ6¸öÎó²îCVE-2019-8624ºÍCVE-2019-8646¿Éµ¼Ö¹¥»÷Õßй¶װ±¸ÄÚ´æÐÅÏ¢²¢¶ÁÈ¡Ô¶³Ì×°±¸Îļþ£¬£¬ÇÒ¾ùÎÞÐèÓû§½»»¥¡£¡£¡£¡£¡£


Îó²îÐÅÏ¢ÈçÏ£º


CVE-2019-8647

¸ÃÎó²îÊÇÊͷźóʹÓÃÎó²î£¬£¬±£´æÓÚiOSµÄCore Data¿ò¼ÜÖУ¬£¬ÓÉÓÚʹÓÃNSArray initWithCoderÒªÁìʱ±¬·¢²»Çå¾²µÄ·´ÐòÁл¯£¬£¬Òò´Ë¿Éµ¼ÖÂí§Òâ´úÂëÖ´ÐеÄЧ¹û¡£¡£¡£¡£¡£Ëü¿É¾­ÓÉ iMessage ¿Í»§¶ËÔ¶³Ì´¥·¢¡£¡£¡£¡£¡£


CVE-2019-8660

ËüÊDZ£´æÓÚ Core Data ¿ò¼ÜºÍ Siri ×é¼þÖеÄÄÚ´æËð»µÎÊÌ⣬£¬ÈçÔâʹÓ㬣¬¿Éµ¼ÖÂÔ¶³Ì¹¥»÷ÕßÒý·¢Ó¦ÓóÌÐòÒì³£ÖÕÖ¹»òí§Òâ´úÂëÖ´ÐеÄЧ¹û¡£¡£¡£¡£¡£


CVE-2019-8662

¸ÃÎó²îÀàËÆÓÚ CVE-2019-8647£¬£¬±£´æÓÚ iOS µÄ QuickLook ×é¼þÖУ¬£¬Ò²¿É¾­ÓÉ iMessage ¿Í»§¶ËÔ¶³Ì´¥·¢¡£¡£¡£¡£¡£


CVE-2019-8624

¸ÃÎó²î±£´æÓÚ watchOS µÄ Digital Touch ×é¼þÖУ¬£¬Ó°Ïì Apple Watch Series 1¼°ºóÐø°æ±¾¡£¡£¡£¡£¡£Æ»¹ûÒÑÔÚ±¾ÔÂÐû²¼ watchOS 5.3 ½â¾öÁ˸ÃÎÊÌâ¡£¡£¡£¡£¡£


CVE-2019-8646

¸ÃÎó²îҲλÓÚ Siri ºÍ Core Data iOS ×é¼þÖУ¬£¬¿Éµ¼Ö¹¥»÷ÕßÔÚÎÞÐèÓû§½»»¥µÄÇéÐÎÏÂÔ¶³Ì¶ÁÈ¡´æ´¢ÔÚ iOS ÉϵÄÎļþÄÚÈÝ£¬£¬ÀýÈçÎÞɳÏäµÄÓû§ÊÖ»ú¡£¡£¡£¡£¡£


Îó²îÑéÖ¤


POC:


https://bugs.chromium.org/p/project-zero/issues/detail?id=1873
https://bugs.chromium.org/p/project-zero/issues/detail?id=1874
https://bugs.chromium.org/p/project-zero/issues/detail?id=1858
https://bugs.chromium.org/p/project-zero/issues/detail?id=1884

https://bugs.chromium.org/p/project-zero/issues/detail?id=1828


ÐÞ¸´½¨Òé


ËùÓеÄ6¸öÎó²îÒÑÓÚÉÏÖܼ´7ÔÂ22ÈÕÔÚÆ»¹ûÐû²¼µÄ iOS 12.4 °æ±¾ÖÐÐÞ¸´¡£¡£¡£¡£¡£ÆäÖÐ1¸öÎó²îµÄÏêÇ鲢δ¹ûÕ棬£¬ÓÉÓÚiOS 12.4°æ±¾µÄ²¹¶¡²¢Î´ÍêÈ«ÐÞ¸´¸ÃÎÊÌâ¡£¡£¡£¡£¡£


²Î¿¼Á´½Ó


https://www.zdnet.com/article/google-researchers-disclose-vulnerabilities-for-interactionless-ios-attacks/