According to a report in ZDNet, the iOS security flaws have been discovered by two of Google’s Project Zero researchers – Natalie Silvanovich and Samuel Groß. While five of the patches were patched with iOS 12.4 update that was released by Apple last week, one still has to be fixed. We should mention that last week’s update mentioned a number of bug fixes. The report has also added that all of the vulnerabilities that have been discovered by Google researches are “interactionless.” This basically means that they can function even without any interaction with the user. There are a number of bugs that require the user to perform certain actions to start functioning, but these seem to be more sophisticated than that. In addition to this, it has been reported that these also exploit a vulnerability in the iMessage client. It has been added that among all the vulnerabilities that have been discovered, four of them rely on an attacker sending a message that has a malicious code to an unpatched phone. It gets executed as soon as a user opens the message. One of these four vulnerabilities is still unpatched. The other two vulnerabilities only rely on memory exploit. It is worth adding that details of the five patched bugs have been published online, however, the final one will stay confidential until Apple addresses it. But then, we should mention that in case you have not updated your iPhone to iOS 12.4, it is a good time to do it as it will save your device from the vulnerabilities that have been patched. Silvanovich will also be hosting a talk on the interactionless attacks on iPhone at the Black Hat security conference that is scheduled to take place in Las Vegas next week.
We should mention that it is a great thing that these vulnerabilities were discovered by researchers who were not interested in exploiting them. According to ZDNet, bugs like these are invaluable to those who manufacture intercept tools and surveillance software. The right buyer for these would be ready to pay millions for accessing them before Apple has fixed to patch the software. So, when they revealed the bugs to Apple, these Google security researchers have done a great service to iOS users across the globe.
