Google researchers discover six ‘zero interaction’ vulnerabilities in iOS, one still not fixed


“Two of the bugs allow the attacker to leak data from a device’s memory and read files off a remote device, all without user interaction”

Google security researchers have discovered six ‘zero interaction’ iOS vulnerabilities that allow an attacker to take control of the phone when users just receive and open a message. Five of them have been fixed in iOS 12.4, but Apple is yet to fix the sixth and last one. The bugs were discovered by Natalie Silvanovich and fellow Google Project Zero security researcher Samuel Groß. According to the researchers, four of the six security bugs can execute malicious code on a remote iOS device, with no user interaction needed. All an attacker needs to do is send a message to a victim’s phone, and the malicious code will execute once the user opens and views the received message. The fifth and sixth bugs allow the attacker to leak data from a device’s memory and read files off a remote device, all without user interaction.

Google first reported the issues to Apple to allow it to issue patches before the team disclosed the details

The four bugs are CVE-2019-8641, CVE-2019-8647, CVE-2019-8660, and CVE-2019-8662. While Apple tried to remove all six vulnerabilities in iOS 12.4, Google claims it didn’t completely do that. A ZDNet report says, “Details about one of the ‘interactionless’ vulnerabilities have been kept private because Apple’s iOS 12.4 patch did not completely resolve the bug, according to Natalie Silvanovich, one of the two Google Project Zero researchers who found and reported the bugs.” Google first reported the issues to Apple to allow it to issue patches before the team disclosed all the details.

Details of the remaining five exploits will be shared at the Black Hat security conference in Las Vegas next week. ‘Zero-interaction’ or ‘frictionless’ vulnerabilities are claimed to be the most dangerous, and in this case the attack relies only on a message being opened. The message could be sent via SMS, MMS, iMessage, Mail or even Visual Voicemail. Since iOS 12.4 includes a serious security fix, it is suggested you update if you haven’t already.

Sai Krishna is a close follower of tech and everything that has the word 'smart' involved. This makes him passionate to write about everything revolving around the world of technology. He can always be seen surfing the web and while he’s not working, you can find him re-watching Seinfeld and reading comics.
Source: ZDNet