A Vulnerability in Apple iOS Could Allow for Arbitrary Code Execution

ITS Advisory Number: 2019-087
Date(s) Issued: Tuesday, August 27, 2019
Subject: A Vulnerability in Apple iOS Could Allow for Arbitrary Code Execution
Overview: 

A vulnerability has been discovered in Apple iOS, which could allow for arbitrary code execution. Apple iOS is a mobile operating system for mobile devices, including the iPhone, iPad, and iPod touch. Successful exploitation of this vulnerability could result in arbitrary code execution with system privileges. An attacker could then install programs; view, change, or delete data; or create new accounts with full user rights.

 

THREAT INTELLIGENCE:

There are currently no reports of this vulnerability being exploited in the wild.

Systems Affected: 
  • iOS versions prior to 12.4.1
RISK
GOVERNMENT
  • Large and medium government entities: High
  • Small government entities: Medium
BUSINESS
  • Large and medium business entities: High
  • Small business entities: Medium
Home Users: High
Description: 

A vulnerability has been discovered in Apple iOS which, if exploited, could allow for arbitrary code execution with system privileges. An attacker could then install programs; view, change, or delete data; or create new accounts with full user rights. The vulnerability exists due to a use-after-free error. Specifically, the issue occurs due to a stale pointer left by the 'in6_pcbdetach()' function.

Actions: 
  • After appropriate testing, immediately apply patches provided by Apple.
  • Remind users not to download, accept, or execute files from untrusted or unknown sources.
  • Remind users not to visit untrusted websites or follow links provided by unknown or untrusted sources.
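
To find the devices that still need the patch, the "Systems Affected" range (iOS prior to 12.4.1) can be checked against a device inventory. The script below is an added example, not part of the original advisory; the CSV layout, column names and device rows are constructed assumptions. It compares versions numerically, so that 12.10 is not mistaken for an older release than 12.4.1, and sets aside versions it cannot parse for manual review.

```python
import csv
import io

# First fixed release per the advisory: iOS versions prior to 12.4.1 are affected.
FIXED = (12, 4, 1)

# Constructed sample inventory (not real devices); column names are assumptions.
SAMPLE_INVENTORY = """\
device,os,version
iphone-001,iOS,12.4
ipad-002,iOS,12.4.1
ipod-003,iOS,12.10
iphone-004,iOS,9.3.5
iphone-005,iOS,13.0 beta
mac-006,macOS,10.14.6
"""


def parse_version(text):
    """Turn '12.4' into (12, 4, 0); return None if any component is not numeric."""
    parts = text.strip().split(".")
    if not 1 <= len(parts) <= 3:
        return None
    if not all(p.isascii() and p.isdigit() for p in parts):
        return None
    nums = [int(p) for p in parts]
    return tuple(nums + [0] * (3 - len(nums)))


def triage(inventory_csv):
    """Return (affected, unknown) device-name lists for iOS rows in the inventory."""
    affected, unknown = [], []
    for row in csv.DictReader(io.StringIO(inventory_csv)):
        if row["os"].strip().lower() != "ios":
            continue  # the advisory covers iOS only
        version = parse_version(row["version"])
        if version is None:
            unknown.append(row["device"])  # review by hand rather than assume patched
        elif version < FIXED:
            affected.append(row["device"])
    return affected, unknown


if __name__ == "__main__":
    affected, unknown = triage(SAMPLE_INVENTORY)
    print("Affected (prior to 12.4.1):", ", ".join(affected))
    print("Unparseable version, check manually:", ", ".join(unknown))
```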