Google researchers flag critical security flaws in iPhones: Details here
Security researchers at Google have flagged security flaws in Apple's iPhone operating system, the iOS. They detected a total of six critical vulnerabilities that could have allowed a hijacker to compromise an iPhone, The Verge reported. However, the good news is, Apple has issued a patch for all the bugs, except for one. Here's everything you need to know about the vulnerabilities.
'Interactionless' bugs detected by Project Zero researchers
Discovered by Project Zero researchers Natalie Silvanovich and Samuel Groß, the bugs in question revolve around the iMessage client. They all can be exploited in an interaction-less manner, where the attacker doesn't even have to touch the iPhone. Notably, four of the issues can be exploited by sending malicious code to a vulnerable iPhone, while the other two are exploited via device memory.
Apple has patched the bugs
After the researchers reported the bugs to Apple, the Cupertino giant issued fixes to prevent the vulnerabilities from being exploited. It released the patches with iOS 12.4 last week, but one of the bugs - which can be exploited via iMessage code - is still not fixed. Its details have not been published online to prevent attackers from exploiting the bug in the wild.
Apple should patch sixth bug soon
As Apple is already aware of the risk, it shouldn't take long to issue a fix for the sixth and unpatched bug. The details of all the issues and a demonstration of interactionless iPhone attacks will be given by the researches at next week's Black Hat security conference in Las Vegas. By then, the patch for the final bug would also be available.
Recommendation: Keep your iPhone updated
Having said that, it is highly recommended to keep your iPhone updated with the latest version of iOS. Just head over to Settings > General > Software Update and tap on Download and Install. Once the update is installed, your iPhone will automatically be shielded against all potential bugs and vulnerabilities disclosed recently by security researchers.
