large image

Trusted Reviews is supported by its audience. If you purchase through links on our site, we may earn a commission. Learn more.

Apple still hasn’t fixed this iOS flaw, but you should still update now

Two Google security researchers have published proof of concept attacks targeting six “interactionless” security flaws in iOS.

Apple released a patch to fix the issues but one flaw remains. Regardless, we recommend you make sure you’ve updated to iOS 12.4. Two members of Google’s Project Zero bug-hunting team published details of five of six iOS security flaws. The flaws can be exploited via iMessage and do not require interaction from the user.

Related: Best Mobile Phone Deals

The six security flaws were patched in 12.4 release but – according to ZDNet – one of the security experts who found them says one is still not resolved.

Four of the security flaws could lead to the execution of malicious code on a remote iOS device and could be “interactionless”. The exploit requires an attacker to send a malformed message to an iPhone and a user to simply open the message with no requirement for a link to be clicked.

The fifth and six flaws could let an attacker leak data from an iPhone’s memory as well as reading files.

Related: Best iPhone games

Natalia Silvanovich is one of the experts behind the bug discovery. Before now, no interactionless flaws in iOS had been widely reported. Silvanovich is giving a talk on the serious issue next week.

In an abstract of the upcoming talk, Silvanovich said: “There have been rumors of remote vulnerabilities requiring no user interaction being used to attack the iPhone, but limited information is available … [this presentation] discusses the potential for vulnerabilities in SMS, MMS, Visual Voicemail, iMessage and Mail”.

The release of iOS 12.4 brought about not security-related updates for the iPhone too. iOS 12.4 saw the addition of support for the upcoming Apple Card credit card. The update also saw the return of Walkie Talkie for iOS and watchOS after it was removed for a couple of weeks.

iOS 13 is expected later in the year. Some of the big expected features include a Dark Mode for iPhone, new customisation options for Animoji and a new login system called “Sign in with Apple”.

Why trust our journalism?

Founded in 2004, Trusted Reviews exists to give our readers thorough, unbiased and independent advice on what to buy.

Today, we have 9 million users a month around the world, and assess more than 1,000 products a year.

author icon

Editorial independence

Editorial independence means being able to give an unbiased verdict about a product or company, with the avoidance of conflicts of interest. To ensure this is possible, every member of the editorial staff follows a clear code of conduct.

author icon

Professional conduct

We also expect our journalists to follow clear ethical standards in their work. Our staff members must strive for honesty and accuracy in everything they do. We follow the IPSO Editors’ code of practice to underpin these standards.