严重 iMessage - Memory Corruption when Decoding NSKnownKeysDictionary1
CVE编号
CVE-2019-8660利用情况
EXP 已公开补丁情况
官方补丁披露时间
2019-12-19漏洞描述
There is a memory corruption vulnerability when decoding an object of class NSKnownKeysDictionary1. This class decodes an object of type NSKnownKeysMappingStrategy1, which decodes a length member which is supposed to represent the length of the keys of the dictionary. However, this member is decoded before the keys are decoded, so if a key is an instance of NSKnownKeysDictionary1 which also uses this instance of NSKnownKeysMappingStrategy1, the mapping strategy will be used before the length is checked. The NSKnownKeysDictionary1 instance uses this length to allocate a buffer, and the length is multiplied by 8 during this allocation without an integer overflow check. The code will then attempt to copy the values array (another decoded parameter) into the buffer using the unmultiplied length.解决建议
升级IOS官方补丁。
参考链接 |
|
|---|---|
| https://support.apple.com/HT210346 | |
| https://support.apple.com/HT210348 | |
| https://support.apple.com/HT210351 | |
| https://support.apple.com/HT210353 |
受影响软件情况
| # | 类型 | 厂商 | 产品 | 版本 | 影响面 | ||||
| 1 | |||||||||
|---|---|---|---|---|---|---|---|---|---|
| 运行在以下环境 | |||||||||
| 系统 | apple | iphone_os | * | Up to (excluding) 12.4 | |||||
| 运行在以下环境 | |||||||||
| 系统 | apple | mac_os_x | * | Up to (excluding) 10.14.6 | |||||
| 运行在以下环境 | |||||||||
| 系统 | apple | tvos | * | Up to (excluding) 12.4 | |||||
| 运行在以下环境 | |||||||||
| 系统 | apple | watchos | * | Up to (excluding) 5.3 | |||||
- 攻击路径 远程
- 攻击复杂度 容易
- 权限要求 无需权限
- 影响范围 全局影响
- EXP成熟度 EXP 已公开
- 补丁情况 官方补丁
- 数据保密性 数据泄露
- 数据完整性 传输被破坏
- 服务器危害 服务器失陷
- 全网数量 N/A
| CWE-ID | 漏洞类型 |
| CWE-787 | 跨界内存写 |
Exp相关链接
- avd.aliyun.com
版权声明
本站原创文章转载请注明文章出处及链接,谢谢合作!
评论