CVE-2019-25071
MEDIUM
iPhone OS < 13.0 - Unauthenticated Command Execution via Siri Audio/Video File Trigger
Title source: llm
Description
A vulnerability was found in Apple iPhone up to 12.4.1. It has been declared as critical. Affected by this vulnerability is Siri. Playing an audio or video file might be able to initiate Siri on the same device, which makes it possible to execute commands remotely. Exploit details have been disclosed to the public. The existence and implications of this vulnerability are doubted by Apple even though multiple public videos demonstrating the attack exist. Upgrading to version 13.0 might be able to address this issue. It is recommended to upgrade affected devices. NOTE: Apple claims that, after examining the report, they do not see any actual security implications.
References (3)
Core References
Various Sources x_refsource_misc
https://www.scip.ch/en/?labs.20191010
Various Sources x_refsource_misc
https://youtu.be/AeuGjMbAirU
Permissions Required, VDB Entry x_refsource_misc
https://vuldb.com/?id.143125
Scores
CVSS v3
6.3
EPSS
0.0105
EPSS Percentile
59.9%
Attack Vector
NETWORK
CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:L/I:L/A:L
CISA SSVC
Vulnrichment
Exploitation
poc
Automatable
no
Technical Impact
partial
Details
CWE
CWE-269
Status
published
Products (1)
apple/iphone_os
< 13.0
Published
Jun 25, 2022
Tracked Since
Feb 18, 2026