Apple iMessage Flaw Lets Remote Attackers Read Files on iPhones

From prodefence.org

An iMessage vulnerability patched by Apple as part of the 12.4 iOS update allows potential attackers to read contents of files stored on iOS devices remotely with no user interaction, as user mobile with no sandbox.

The security flaw tracked as CVE-2019-8646 was discovered by Google Project Zero security researcher Natalie Silvanovich who reported it to Apple during May.

The proof of concept Silvanovich created works only on devices running iOS 12 or later and it is designed as “a simple example to demonstrate the reach-ability of the class in Springboard. The actual consequences of the bug are likely more serious.”

Read more…