The issue exists in the Phone app (version 4.1.1) and only happens when a user initiates a phone call from the Phone app. If the user taps a malicious link or opens a malicious PDF file, the device will try to open the malicious URL or open the malicious PDF. If the user has the Phone app open, a malicious link or PDF file will open the device into a malicious situation. This issue is hard to exploit and requires user interaction.
Vulnerability details
A vulnerability exists in the Phone app (version 4.1.1) where if a user initiates a phone call from the Phone app, the device will try to authorize an OTA update via the iTunes Store and then try to open the malicious link or PDF file. If this happens, the device will be in a malicious situation. This issue is hard to exploit and requires user interaction.
CVE-2022-20824
The issue exists in the Phone app (version 4.1.1) and only happens when a user initiates a phone call from the Phone app. If the user taps a malicious link or opens a malicious PDF file, the device will try to open the malicious URL or open the malicious PDF. However, there is an easier way to exploit this vulnerability which allows attackers to open your device into a malicious situation without user interaction. This issue is hard to exploit and requires user interaction.
Vulnerability Reported:
A vulnerability exists in the Phone app that allows a malicious link or PDF file to open the device into a malicious situation. The issue is hard to exploit and requires user interaction.
Affected Devices: iPhone
Affected Devices:
Apple iPhone, iPhone 3G and 3GS, iPhone 4 and 4S, iPod touch (5th generation)
Timeline
Published on: 10/11/2022 20:15:00 UTC
Last modified on: 10/13/2022 02:46:00 UTC