Tech giant Apple released bug fixes for five crucial security problems found in their operating system. The issues were vulnerable to exploit through its iMessage client application and were identified by security researchers for Google’s exploit-chasing Project Zero. However, BBC states, a problem that was reported didn’t receive a complete solving in the iOS 12.4 update.
All of the issues were reportedly remote and interactionless, which means that an attacker could take advantage of them without needing the owner of the targeted handset to do anything.
Among the weaknesses that were discovered, one was so grave that it could only be fixed by wiping a device with the loss of all data. Also, another vulnerability that was fixed required to siphon data off a device.
Google’s Project Zero Showed That Apple’s iMessage Presents A Major Security Vulnerability
That iMessage security vulnerability was not fixed in iOS 12.4 and can still be taken advantage of seems to be rather serious, according to BBC. However, Google’s Project Zero researcher Natalie Silvanovich tweeted that they were keeping the details hid until a bug fix deadline has passed.
According to ZDNet, it is possible that if Silvanovich and her colleague Samuel Groß have sold the five weaknesses that didn’t require the owner of the device to do anything on the black market or to an exploit buyer, they could have worth a minimum of one million dollars per piece. That’s because they provide attackers with the ability to permeate a target device without trace.
However, Apple is fortunate enough that the issues were identified by Project Zero and not by someone looking to cash in on them. As per ZDNet, Silvanovich has planned a discussion about the remote, interactionless iPhone weaknesses at next week’s Black Hat cybersecurity conference. A summary of the talk saying it will discuss the potential for flaws in SMS, MMS, Visual Voicemail, iMessage, and Mail, and it shows how to arrange tooling to test these elements.
