Exploit:iPhoneOS/CVE-2014-4377

Threat description

Details

CATEGORYMalware
TYPEExploit
PLATFORMiPhoneOS

Summary

Exploit:iPhoneOS/CVE-2014-4377 identifies a maliciously crafted PDF document that attempts to exploit the CVE-2014-4377 vulnerability in iOS 7.1.x; successful exploitation would allow an attacker to remotely execute arbitrary code on the affected device.



Removal

Automatic action: Freedome

When enabled, F-Secure Freedome will automatically block an exploit attempt against the CVE-2014-4377 vulnerability.

Automatic action: Anti-Virus

The F-Secure security product will automatically block the exploit file, either at the point of file download or during on-access / on-demand system scanning.

Vulnerability Protection

The vulnerabilities (CVE-2014-4377 and CVE-2014-4378) leveraged by this exploit are found in operating system versions prior to iOS 8. To proactively prevent exploitation, please refer to the system vendor for the latest updates and additional advice.

Technical Details

CVE-2014-4377 is an identifier for a vulnerability in the way the iOS CoreGraphics framework handles PDF files. This vulnerability is found in versions of the iOS operating system prior to version 8.

iPhone, iPad and iTouch devices which have not been (or in some cases, cannot be) upgraded to the latest operating system version are affected by this vulnerability. Apple TVs below version 7 are also affected.

A proof-of-concept (POC) exploit - complete with source code - targeting the CVE-2014-4377 vulnerability was made publicly available in late September 2014. At the time of writing, no attacks in-the-wild against this vulnerability have been reported.

This vulnerability may be exploited by a maliciously crafted PDF document. In a web-based scenario, users may be lured or redirected to a specially crafted webpage containing a malformed PDF document. As the Safari browser allows PDF documents to be automatically loaded and displayed as HTML images without user interaction, the user may be unaware of the presence of such documents on the page. If the exploit file is successfully loaded on the web browser of a vulnerable device, the vulnerability is then automatically exploited.

To successfully complete, an attack would need to exploit an additional vulnerability (CVE-2014-4378); exploit code targeting this vulnerability is also publicly available.

If an attack is successful, the attacker may remotely execute arbitrary code on the affected device and may, essentially, gain complete system control.

More

For more information, see:

Submit a Sample

Suspect a file or URL was wrongly detected?
Send it to our Labs for further analysis

Submit a Sample

Scan & clean your PC

F-Secure Online Scanner will scan and clean your PC in just a few minutes for free

More Info