This is a nightmare, but thank you for detailing this. Having only read a little bit of this and not understanding it, it seems like the exploit works even if the recipient does not open or interact with the malicious message? Is that what i’m understanding?
JATtho@lemmy.world 10 months ago
The attack is spread via iMessage. A vulnerable device merely needs to receive a bad message with PDF attachment. --> A Remote code execution. No user interaction.
Yikes. Indeed.
The attack entry point is via bad TrueType font + PDF attachment that only needs to processed once. Once a process touches that, the attack vector begins and exploits are chained until they get kernel mode access. After getting kernel mode access all hope is lost, the attacker owns the device.
Only sliver of hope is that fixing the attack entry point blocks the current attack. And that bug is:
But unless all the CVEs are patched, it is just matter of time a new attack entry point is found.