Google researchers have discovered six vulnerabilities in iOS software, one of which has not yet been patched by Apple developers. According to online sources, the vulnerabilities were discovered by Google Project Zero researchers, with five of the six problem areas fixed last week when the iOS 12.4 update was released.
The vulnerabilities discovered by the researchers are "non-contact", meaning they can be exploited without any user interaction. In addition, they are all associated with the iMessage app. Four vulnerabilities, including an unpatched one, allow an attacker to send messages to the target device with malicious code that starts executing the moment the recipient opens the message. Other vulnerabilities are related to memory usage.
Details of the five vulnerabilities have been posted online, while the latest bug remains confidential as Apple has not fixed it. In any case, if you haven't updated your iPhone to iOS 12.4 yet, you should do it now. Next week, researchers from the Google Project Zero project will make a presentation on attacks on iPhone users. The report will be presented as part of the Black Hat security conference, which will be held in Las Vegas.
It is also important that the vulnerabilities were discovered by researchers who are not interested in exploiting them. Finding these kinds of bugs is invaluable to developers of interception tools and surveillance software. By reporting the discovered vulnerabilities to Apple, the researchers have done a favor for all users of the iOS platform.
Source: 3dnews.ru