Google's Project Zero Finds Six iOS Vulnerabilities in iMessage App, Five Patched Last Week
Early July, Google’s Project Zero released details of an iMessage bug that could effectively brick an iPhone and force users to wipe and restore their devices, one that was patched in iOS 12.3.
Apple’s iMessage might face difficulties in the coming few days as researchers from Google security have discovered a total of six vulnerabilities in its iOS software, one of which is yet to be patched by the iPhone manufacturer. Early July, Google’s Project Zero released details of an iMessage bug that could effectively brick an iPhone and force users to wipe and restore their devices, one that was patched in iOS 12.3.
Now, two Project Zero researchers, Natalie Silvanovich and Samuel Groß, have found out six new vulnerabilities in the iMessage app. According to a report published by ZDNet, Google’s elite bug-hunting team have published details and demoed proof-of-concept code for five of the six ‘interactionless’ security bugs impacting the iOS operating system. All the six security flaws were patched last week, on July 22, with Apple's iOS 12.4 release.
However, the details about the iOS vulnerabilities have been kept private by Google’s Project Zero as according to Natalie Silvanovich, the latest patch did not completely resolve the bug. According to the researcher, while four of these security bugs can execute malicious code on a remote iOS device, the two other bugs can allow an attacker to leak data from a device’s memory and read files off a remote device. All six iOS flaws need no user interaction to function.
More details about these vulnerabilities will be delved at the Black Hat security conference scheduled to be held in Las Vegas next week. For now, the bugs have been named as CVE-2019-8641, CVE-2019-8647, CVE-2019-8660, CVE-2019-8662, CVE-2019-8624 and CVE-2019-8646.
Get the best of News18 delivered to your inbox - subscribe to News18 Daybreak. Follow News18.com on Twitter, Instagram, Facebook, TikTok and on YouTube, and stay in the know with what's happening in the world around you – in real time.
Subscribe to Moneycontrol Pro and gain access to curated markets data, trading recommendations, equity analysis, investment ideas, insights from market gurus and much more. Get Moneycontrol PRO for 1 year at price of 3 months. Use code FREEDOM.
Recommended For You
- Labuschagne Replaces Smith to Become First Like-for-like Substitution in Cricket
- DDCA to Name Stand After Virat Kohli in Feroz Shah Kotla Stadium
- Reebok CrossFit Nano 9.0 Review: Slickest Evolution of Versatile Fitness Shoes
- Ashes 2019: Steve Smith Returns to Bat After Nasty Blow to the Neck
- Instagram Users Can Report False Content And Expect Fact Checkers to Verify it