Shulou(Shulou.com)06/01 Report--

Today, I will talk to you about the example analysis of many serious vulnerabilities in Apple Mail, which may not be well understood by many people. in order to make you understand better, the editor has summarized the following for you. I hope you can get something from this article.

0x00 vulnerability background

On April 24, 2020, 360CERT Monitoring and Discovery Security Forensics Company zecOps published an analysis of multiple Apple Mail vulnerabilities in its blog. The vulnerability can trigger remote code execution vulnerabilities without interaction under certain conditions. The vulnerability level is serious.

Apple Mail is the default mail management application on iOS system, which is widely used in different countries and regions.

There are several vulnerabilities in Apple Mail, of which a heap overflow is the most serious, and a malicious attacker can send a specially crafted email to the user to trigger an attack to complete remote code execution.

The vulnerability affects iPhone and iPad with iOS 6 and later, including iOS 13.4.1. At present, Apple officially provides only one beta version of the patch, there is no official version of the patch, the vulnerability is still being exploited in the wild.

In this regard, 360CERT recommends that the majority of users continue to pay attention to the push of Apple official system updates and install the latest patches in time after iOS updates are available to avoid hacker attacks.

0x01 risk rating

360CERT's assessment of the incident is as follows

Rating methods, threat levels, seriously affecting a wide range of 0x02 vulnerability details

ZecOps found that the implementation of MFMutableData in the iOS MIME library lacks exception detection for system calls to the ftruncate () method, which leads to an out-of-bounds write vulnerability. At the same time, zecOps also found a chain of exploits that can trigger ftruncate () to cause out-of-bounds writing vulnerabilities without waiting for the system call to fail. In addition, they found a heap overflow vulnerability that can be triggered remotely.

When Apple Mail remotely triggers the vulnerability when processing downloaded email, different versions of iOS have different exploit attempts:

Users may see Apple Mail applications crash after attempting to exploit vulnerabilities (success / failure) on iOS 12

On iOS 13, there is no other characteristic phenomenon except that the system will stutter temporarily.

A failed exploit could cause a user to receive the contents of an This message has no content email.

Affected libraries: / System/Library/PrivateFrameworks/MIME.framework/MIME

Vulnerability method:-[MFMutableData appendBytes:length:]

ZecOps security researchers have found that the vulnerability has been exploited by several APT organizations for two years, and it has been found that the earliest exploitation in the field can be traced back to January 2018.

0x03 affects version

IOS 6 and later, including iOS 13.4.1

Previous versions of iOS 6 may also be vulnerable and have not yet been verified, according to zecoOps security researchers

0x04 repair recommendation

At present, Apple officially provides only one beta version of the patch, there is no official version of the patch, the vulnerability is still being exploited in the wild.

360CERT recommends that users continue to follow the push of Apple official system updates and install the latest patches as soon as iOS updates are available.

After reading the above, do you have any further understanding of the example analysis of several serious vulnerabilities exploited in Apple Mail? If you want to know more knowledge or related content, please follow the industry information channel, thank you for your support.

Welcome to subscribe "Shulou Technology Information " to get latest news, interesting things and hot topics in the IT industry, and controls the hottest and latest Internet news, technology news and IT industry trends.