iOS versions below 12.5
An Attacker could target Apple iOS devices just by sending a maliciously-crafted message via iMessage (CVE-2019-8647, CVE-2019-8662, CVE-2019-8660, CVE-2019-8646).
✦ CVE-2019-8647 (RCE via iMessage) ‐ This is a use-after-free vulnerability that resides in the Core Data framework of iOS that can cause arbitrary code execution due to insecure deserialization when NSArray initWithCoder method is used.
✦ CVE-2019-8662 (RCE via iMessage) ‐ This flaw is also similar to the above use-after-free vulnerability and resides in the QuickLook component of iOS, which can also be triggered remotely via iMessage.
✦ CVE-2019-8660 (RCE via iMessage) ‐ This is a memory corruption issue resides in Core Data framework and Siri component, which if exploited successfully, could allow remote attackers to cause unexpected application termination or arbitrary code execution.
✦ CVE-2019-8646 (File Read via iMessage) ‐ This flaw, which also resides in the Siri and Core Data iOS components, could allow an attacker to read the content of files stored on iOS devices remotely without user interactions, as user mobile with no-sandbox.
✦ Execute arbitrary code
✦ Data modifications
✦ Apply iOS 12.4 update
The information provided herein is on "as is" basis, without warranty of any kind.