Apple released iOS 12.3 on May 13 to fix multiple vulnerabilities. The most severe being CVE-2019-8664, an iMessage vulnerability which allows attackers to crash iPhones using a denial of service method. To help prevent this vulnerability from being exploited on your iPhones, you can use the custom color-coded audit from Lansweeper to identify outdated iPhones iOS versions in your environment.
The vulnerability discovery was credited to Natalie Silvanovich, a researcher for Google’s Project Zero. This is also the reason why the disclosure came so late, Google’s policy is to disclose research 90 days after discovery to prevent exploitation.
The CVE-2019-8664 iMessage vulnerability allows attackers to send an iMessage that crashes and respawns the iPhone’s Springboard over and over again, causing a DDOS like effect. To recover from a successful exploitation, you will either need to wipe the iPhone remotely using the “Find My iPhone” functionality or set the device in recovery mode and update it to the latest version using iTunes.
Apple released the iOS 12.3 version to fix the iMessage vulnerability on May 13, 2019. Currently, based on statistics from Statcounter, an estimate of 48% of all iOS devices remains unpatched and are vulnerable.
Discover Outdated iPhone Devices via Intune Scanning
Lansweeper scans detailed information like operating system and the version it is using Microsoft Intune’s API. This gives you immediate visibility into your mobile environment in no time with the help of our built-in and custom reports.
Our custom color-coded vulnerability audit can tell you in no time which devices have an outdated operating system version and need to be patched.
If you haven’t already, start your free Lansweeper trial and get a report of all vulnerable devices in no time.
