Apple’s iMessage might face difficulties in the coming few days as researchers from Google security have discovered a total of six vulnerabilities in its iOS software, one of which is yet to be patched by the iPhone manufacturer. Early July, Google’s Project Zero released details of an iMessage bug that could effectively brick an iPhone and force users to wipe and restore their devices, one that was patched in iOS 12.3.
Now, two Project Zero researchers, Natalie Silvanovich and Samuel Groß, have found out six new vulnerabilities in the iMessage app. According to a report published by ZDNet, Google’s elite bug-hunting team have published details and demoed proof-of-concept code for five of the six ‘interactionless’ security bugs impacting the iOS operating system. All the six security flaws were patched last week, on July 22, with Apple's iOS 12.4 release.
However, the details about the iOS vulnerabilities have been kept private by Google’s Project Zero as according to Natalie Silvanovich, the latest patch did not completely resolve the bug. According to the researcher, while four of these security bugs can execute malicious code on a remote iOS device, the two other bugs can allow an attacker to leak data from a device’s memory and read files off a remote device. All six iOS flaws need no user interaction to function.
More details about these vulnerabilities will be delved at the Black Hat security conference scheduled to be held in Las Vegas next week. For now, the bugs have been named as CVE-2019-8641, CVE-2019-8647, CVE-2019-8660, CVE-2019-8662, CVE-2019-8624 and CVE-2019-8646.