GOOGLE'S BUG-HUNTING BODS have levelled their finger at Apple to point out six security flaws in iOS 12.
Project Zero researchers Natalie Silvanovich and Samuel Groß uncovered the bugs and noted that they are "interactionless", meaning they can be exploited without needing the target to do anything thanks to a vulnerability in iMessage.
"Today, @5aelo and I unrestricted five bugs in iMessage! Here are some highlights:" - Natalie Silvanovich (@natashenka), July 29, 2019
Apple's latest iOS 12.4 patch fixes five of the flaws but doesn't completely squash the sixth bug, according to Silvanovich.
That bug, labelled CVE-2019-864, along with three others - CVE-2019-8647, CVE-2019-8660, and CVE-2019-8662 - could be exploited by a hacker sending a victim malicious code through iMessage. As a result, the attacker could use these bugs to intercept communications, cause apps to crash, and trigger arbitrary code execution, according to Apple's notes on the security flaws.
Given CVE-2019-864 wasn't fixed properly, deeper details of the dangers it poses were kept private.
The other two bugs, labelled CVE-2019-8624 and CVE-2019-8646, allow malicious code wranglers to leak data from a targeted iOS device's memory and to remotely read files, all without the victim doing anything.
To protect yourself, your best bet is to install the latest iOS update. Then, it's fingers crossed that Apple fixes the other flaw before hackers dig it up and exploit it.
Apple hasn't commented on the bugs, but it has a generic statement doing the rounds: "Keeping your software up to date is one of the most important things you can do to maintain your Apple product's security." Yeah, no s**t Cupertino.
We're not sure why Apple didn't fix the one flaw in the first place. But then we handle words, baby, not code, so what do we know about patching. Maybe Apple's too busy beavering away at making a 16in MacBook Pro. µ