Apple iOS 直到12.4.1 Siri Audio File Self 权限升级 ⚔ [有争议]

在Apple iOS 直到12.4.1中曾发现一漏洞, 此漏洞被申报为致命。受此漏洞影响的是未知功能的组件Siri。手动调试的该部分从属于：Audio File可导致权限升级 (Self)。漏洞的CWE定义是 CWE-269。此错误2019-05-15已发现。此漏洞的脆弱性 2019-10-10由公示人Marc Ruef、公示人所属公司scip AG、公示人身份iPhone Siri Self-Reference Exploiting、公示人类型为Blog Post (Website)所公布。分享公告的网址是scip.ch。此次披露发布已与供应商协调。该漏洞被称作为CVE-2019-25071，可以发起远程攻击，无技术细节可用。此外还有一个漏洞可利用。该漏洞利用已公开，可能会被利用。当前漏洞利用价值为美元大约是 $0-$5k。 MITRE ATT&CK项目使用攻击技术T1068来解决该问题。它被宣布为proof-of-concept。可以在youtube.com下载该漏洞利用。该漏洞至少在132日被作为非公开零日攻击。我们估计的零日攻击价值约为$25k-$100k。目前，此漏洞是否真实存在尚存疑惑。升级到版本13.0能够解决此问题。建议对受到影响的组件升级。该漏洞被披露后，远在此前发表过可能的缓解措施。

字段	2022-06-25 14時56分	2022-06-25 14時58分	2024-01-05 09時48分
vendor	Apple	Apple	Apple
name	iOS	iOS	iOS
version	<=12.4.1	<=12.4.1	<=12.4.1
component	Siri	Siri	Siri
input_type	Audio File	Audio File	Audio File
discoverydate	1557878400	1557878400	1557878400
vendorinformdate	1562716800	1562716800	1562716800
risk	2	2	2
cvss2_vuldb_basescore	6.8	6.8	6.8
cvss2_vuldb_tempscore	5.3	5.3	5.3
cvss2_vuldb_av	N	N	N
cvss2_vuldb_ac	M	M	M
cvss2_vuldb_au	N	N	N
cvss2_vuldb_ci	P	P	P
cvss2_vuldb_ii	P	P	P
cvss2_vuldb_ai	P	P	P
cvss3_meta_basescore	6.3	6.3	6.3
cvss3_meta_tempscore	5.7	5.7	5.7
cvss3_vuldb_basescore	6.3	6.3	6.3
cvss3_vuldb_tempscore	5.7	5.7	5.7
cvss3_vuldb_av	N	N	N
cvss3_vuldb_ac	L	L	L
cvss3_vuldb_pr	N	N	N
cvss3_vuldb_ui	R	R	R
cvss3_vuldb_s	U	U	U
cvss3_vuldb_c	L	L	L
cvss3_vuldb_i	L	L	L
cvss3_vuldb_a	L	L	L
titleword	Self	Self	Self
advisoryquote	It happened when playing a YouTube video on an iPhone XS with iOS 12.3.1; suddenly, Siri piped up. It was as if she had heard the command Hey, Siri and responded. But there was no such command in the video. At first, we thought it might be a coincidence.	It happened when playing a YouTube video on an iPhone XS with iOS 12.3.1; suddenly, Siri piped up. It was as if she had heard the command Hey, Siri and responded. But there was no such command in the video. At first, we thought it might be a coincidence.	It happened when playing a YouTube video on an iPhone XS with iOS 12.3.1; suddenly, Siri piped up. It was as if she had heard the command Hey, Siri and responded. But there was no such command in the video. At first, we thought it might be a coincidence.
date	1570665600 (2019-10-10)	1570665600 (2019-10-10)	1570665600 (2019-10-10)
location	Website	Website	Website
developer_mail	maru@**.	maru@**.	maru@**.
type	Blog Post	Blog Post	Blog Post
url	https://www.scip.ch/en/?labs.20191010	https://www.scip.ch/en/?labs.20191010	https://www.scip.ch/en/?labs.20191010
identifier	iPhone Siri Self-Reference Exploiting	iPhone Siri Self-Reference Exploiting	iPhone Siri Self-Reference Exploiting
coordination	1	1	1
person_name	Marc Ruef	Marc Ruef	Marc Ruef
person_mail	maru@**.	maru@**.	maru@**.
person_website	https://www.computec.ch/mruef/	https://www.computec.ch/mruef/	https://www.computec.ch/mruef/
company_name	scip AG	scip AG	scip AG
reaction_date	1562803200 (2019-07-11)	1562803200 (2019-07-11)	1562803200 (2019-07-11)
disputed	1	1	1
availability	1	1	1
date	1570665600 (2019-10-10)	1570665600 (2019-10-10)	1570665600 (2019-10-10)
publicity	1	1	1
url	https://www.youtube.com/watch?v=AeuGjMbAirU	https://www.youtube.com/watch?v=AeuGjMbAirU	https://www.youtube.com/watch?v=AeuGjMbAirU
developer_name	Marc Ruef	Marc Ruef	Marc Ruef
developer_website	https://www.computec.ch/mruef/	https://www.computec.ch/mruef/	https://www.computec.ch/mruef/
price_0day	$25k-$100k	$25k-$100k	$25k-$100k
name	升级	升级	升级
date	1569283200 (2019-09-24)	1569283200 (2019-09-24)	1569283200 (2019-09-24)
upgrade_version	13.0	13.0	13.0
advisoryquote	In accordance with the responsible disclosure process, we made prior email contact with Apple on July 10, 2019 and told them about our discovery. (…) The next day, the Apple Security Team replied. They indicated that the facts were correct, but they did not consider it a risk.	In accordance with the responsible disclosure process, we made prior email contact with Apple on July 10, 2019 and told them about our discovery. (…) The next day, the Apple Security Team replied. They indicated that the facts were correct, but they did not consider it a risk.	In accordance with the responsible disclosure process, we made prior email contact with Apple on July 10, 2019 and told them about our discovery. (…) The next day, the Apple Security Team replied. They indicated that the facts were correct, but they did not consider it a risk.
videolink	https://youtu.be/AeuGjMbAirU	https://youtu.be/AeuGjMbAirU	https://youtu.be/AeuGjMbAirU
cvss2_vuldb_e	POC	POC	POC
cvss2_vuldb_rl	OF	OF	OF
cvss2_vuldb_rc	C	C	C
cvss3_vuldb_e	P	P	P
cvss3_vuldb_rl	O	O	O
cvss3_vuldb_rc	C	C	C
reaction_days	76	76	76
0day_days	132	132	132
type	Smartphone Operating System	Smartphone Operating System	Smartphone Operating System
cwe	269 (权限升级)	269 (权限升级)	269 (权限升级)
cve	CVE-2019-25071	CVE-2019-25071	CVE-2019-25071
responsible	VulDB	VulDB	VulDB
response_summary	Apple claims, that after examining the report they do not see any actual security implications.	Apple claims, that after examining the report they do not see any actual security implications.	Apple claims, that after examining the report they do not see any actual security implications.
price_trend	+	+	+
response_date		1562796000 (2019-07-11)	1562796000 (2019-07-11)
cve_assigned			1656021600 (2022-06-24)
cve_nvd_summary			A vulnerability was found in Apple iPhone up to 12.4.1. It has been declared as critical. Affected by this vulnerability is Siri. Playing an audio or video file might be able to initiate Siri on the same device which makes it possible to execute commands remotely. Exploit details have been disclosed to the public. The existence and implications of this vulnerability are doubted by Apple even though multiple public videos demonstrating the attack exist. Upgrading to version 13.0 migt be able to address this issue. It is recommended to upgrade affected devices. NOTE: Apple claims, that after examining the report they do not see any actual security implications.

◂ 上一步一览下一步 ▸

Want to stay up to date on a daily basis?

Enable the mail alert feature now!