Researchers at Google disclosed details and proof-of-concept exploit
The flaws were reported by Google Project zero white hat hackers Samuel Groß and Natalie Silvanovich. Below the list of the flaws:
Google researchers did not disclose details for one these flaws, tracked as CVE-2019-8641, because the Apple iOS update patch did not completely address the flaw.
Apple addressed the vulnerabilities with the release of the latest iOS 12.4
The other flaw, tracked as CVE-2019-8646, is an out-of-bounds read that can be exploited by a remote attacker to read files stored on the target’s device. The flaw could be exploited by just sending a specially-crafted message via
Last week, Silvanovich also released details and a PoC exploit for another out-of-bounds read vulnerability, tracked as CVE-2019-8624, that could be exploited by remote attackers to leak memory and read files from the target devices.
The CVE-2019-8624 flaw resides in Digital Touch component of
(SecurityAffairs – Apple iOS, hacking)