CVE-2025-14812

prior · prior ArcSearch for iOS

Executive summary

A high-severity vulnerability has been identified in the ArcSearch for iOS application, which could allow a remote attacker to execute arbitrary code on a user's device. Exploitation requires a user to visit a specially crafted, malicious webpage using the vulnerable application, and can lead to the compromise of sensitive data stored on the device and within the app's context. Organizations with employees using this application on corporate or personal devices are exposed to significant risks of data breaches and unauthorized access.

Vulnerability

The vulnerability is a remote code execution (RCE) flaw within the web content rendering component of the ArcSearch for iOS application. The flaw stems from improper memory handling when processing certain types of web content. An attacker can exploit this by hosting a malicious webpage and tricking a user into navigating to it with the vulnerable app. Upon visiting the page, the application attempts to render the malicious content, triggering a memory corruption error that the attacker can leverage to execute arbitrary code within the security sandbox of the ArcSearch application.

Business impact

This vulnerability is rated as High severity with a CVSS score of 7.5. Exploitation of this flaw could have a significant negative impact on the business. If employees use vulnerable versions of ArcSearch on devices that access corporate data, an attacker could potentially steal sensitive information such as login credentials, emails, contacts, or documents stored on the device. This poses a direct risk of a corporate data breach, leading to potential financial loss, reputational damage, and regulatory penalties. The ease of exploitation (requiring only a user to visit a website) increases the likelihood of a successful attack.

Remediation

Immediate Action: All instances of the ArcSearch for iOS application on corporate and Bring-Your-Own-Device (BYOD) assets must be updated to version 1.0 or later immediately. This can be accomplished through the Apple App Store or enforced via Mobile Device Management (MDM) policies. Following the update, security teams should review network and device logs for any indicators of compromise that may have occurred prior to patching.

Proactive Monitoring: Security teams should monitor outbound network traffic from mobile devices for connections to suspicious or previously unknown domains. Use Mobile Threat Defense (MTD) solutions to detect anomalous application behavior, such as unexpected process execution or network activity from the ArcSearch app. Review DNS query logs for requests to malicious domains that may have been used to host exploit code.

Compensating Controls: If immediate patching is not feasible, consider implementing the following controls:

  • Use an MDM solution to block the ArcSearch for iOS application until it can be updated.
  • Deploy a Secure Web Gateway (SWG) or network filtering solution to block access to known malicious and uncategorized websites, reducing the attack surface.
  • Issue a security advisory to all employees, instructing them not to use the ArcSearch application for browsing until their device has been updated.
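To scope the Immediate Action step and the MDM block above, the following added example (not from the advisory or the vendor) triages an MDM app-inventory export into devices below version 1.0, devices with an unreadable version, and patched devices. The CSV column names, the `ArcSearch` display name and the sample rows are constructed assumptions; adapt them to your MDM's export.

```python
import csv
import io

FIXED_VERSION = (1, 0)   # from the advisory: "version 1.0 or later"
APP_NAME = "ArcSearch"   # assumption: display name used in the MDM export

# Constructed sample export; column names are assumptions, not a real MDM schema.
SAMPLE_INVENTORY = """\
device_id,owner,ownership,app_name,app_version
D-001,alice,corporate,ArcSearch,0.9.4
D-002,bob,byod,ArcSearch,1.0
D-003,carol,byod,ArcSearch,1.0.2
D-004,dave,corporate,Safari,17.4
D-005,erin,corporate,ArcSearch,
D-006,frank,byod,arcsearch,0.10.1 (412)
"""

def parse_version(text):
    """Return a tuple of ints, or None when the version is missing or malformed."""
    token = (text or "").strip().split(" ")[0]  # drop a trailing build tag
    try:
        return tuple(int(p) for p in token.split(".")) if token else None
    except ValueError:
        return None

def is_fixed(version):
    """Numeric comparison, zero-padded so that (1,) counts as 1.0."""
    width = max(len(version), len(FIXED_VERSION))
    pad = lambda v: v + (0,) * (width - len(v))
    return pad(version) >= pad(FIXED_VERSION)

def triage(inventory_csv):
    """Sort ArcSearch installs into vulnerable, unknown and fixed device lists."""
    result = {"vulnerable": [], "unknown": [], "fixed": []}
    for row in csv.DictReader(io.StringIO(inventory_csv)):
        if row["app_name"].strip().lower() != APP_NAME.lower():
            continue
        version = parse_version(row["app_version"])
        if version is None:
            bucket = "unknown"  # treat as unpatched until verified
        else:
            bucket = "fixed" if is_fixed(version) else "vulnerable"
        result[bucket].append((row["device_id"], row["ownership"]))
    return result

if __name__ == "__main__":
    for bucket, devices in triage(SAMPLE_INVENTORY).items():
        print(bucket, devices)
```

Devices in the `unknown` list should be handled like vulnerable ones until their installed version is confirmed.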

Exploitation status

Public Exploit Available: false

Analyst recommendation

Given the high severity (CVSS 7.5) of this vulnerability and its potential for enabling a remote data breach, we strongly recommend that organizations prioritize the immediate patching of all affected ArcSearch for iOS applications. The risk of sensitive corporate data being compromised from employee devices is significant. Although this CVE is not currently listed in the CISA KEV catalog, its characteristics make it a prime candidate for future exploitation. All remediation and monitoring actions should be treated with the highest priority.