PT-2022-8293 · Apple · Iphone

Marc Ruef

Published

2022-06-25

Updated

2022-07-08

CVE-2019-25071

CVSS v2.0

9.3

High

Vector

AV:N/AC:M/Au:N/C:C/I:C/A:C

Name of the Vulnerable Software and Affected Versions Apple iPhone versions up to 12.4.1

Description A critical issue has been found that affects Siri. It is possible to initiate Siri on the same device by playing an audio or video file, which could allow for remote execution of commands. The existence and implications of this issue are disputed by Apple, despite public demonstrations of the attack.

Recommendations For Apple iPhone versions up to 12.4.1, upgrade to version 13.0 to address this issue. As a temporary workaround, consider restricting the use of Siri on affected devices until the issue is resolved.

Exploit

Fix

Improper Privilege Management

Found an issue in the description? Have something to add? Feel free to write us 👾

dbugs@ptsecurity.com

Weakness Enumeration

CWE-269

Related Identifiers

CVE-2019-25071

Affected Products

Iphone

PT-2022-8293 · Apple · Iphone

CVE-2019-25071

Weakness Enumeration

Related Identifiers

Affected Products

References · 7