Two Google security researchers have published proof of concept attacks targeting six “interactionless” security flaws in iOS.
Apple released a patch to fix the issues but one flaw remains. Regardless, we recommend you make sure you’ve updated to iOS 12.4. Two members of Google’s Project Zero bug-hunting team published details of five of six iOS security flaws. The flaws can be exploited via iMessage and do not require interaction from the user.
Related: Best Mobile Phone Deals
The six security flaws were patched in 12.4 release but – according to ZDNet – one of the security experts who found them says one is still not resolved.
Four of the security flaws could lead to the execution of malicious code on a remote iOS device and could be “interactionless”. The exploit requires an attacker to send a malformed message to an iPhone and a user to simply open the message with no requirement for a link to be clicked.
The fifth and six flaws could let an attacker leak data from an iPhone’s memory as well as reading files.
Related: Best iPhone games
Natalia Silvanovich is one of the experts behind the bug discovery. Before now, no interactionless flaws in iOS had been widely reported. Silvanovich is giving a talk on the serious issue next week.
In an abstract of the upcoming talk, Silvanovich said: “There have been rumors of remote vulnerabilities requiring no user interaction being used to attack the iPhone, but limited information is available … [this presentation] discusses the potential for vulnerabilities in SMS, MMS, Visual Voicemail, iMessage and Mail”.
The release of iOS 12.4 brought about not security-related updates for the iPhone too. iOS 12.4 saw the addition of support for the upcoming Apple Card credit card. The update also saw the return of Walkie Talkie for iOS and watchOS after it was removed for a couple of weeks.
iOS 13 is expected later in the year. Some of the big expected features include a Dark Mode for iPhone, new customisation options for Animoji and a new login system called “Sign in with Apple”.
Editorial independence
Editorial independence means being able to give an unbiased verdict about a product or company, with the avoidance of conflicts of interest. To ensure this is possible, every member of the editorial staff follows a clear code of conduct.
Professional conduct
We also expect our journalists to follow clear ethical standards in their work. Our staff members must strive for honesty and accuracy in everything they do. We follow the IPSO Editors’ code of practice to underpin these standards.
Editorial independence
Editorial independence means being able to give an unbiased verdict about a product or company, with the avoidance of conflicts of interest. To ensure this is possible, every member of the editorial staff follows a clear code of conduct.
Professional conduct
We also expect our journalists to follow clear ethical standards in their work. Our staff members must strive for honesty and accuracy in everything they do. We follow the IPSO Editors’ code of practice to underpin these standards.
