Apple still has not resolved an iOS error discovered by Google's elite bug team, despite rolling out updates last week to resolve other issues
- Researchers found six bugs with Apple & # 39; s iOS, one of which has still not been patched
- Four bugs target iMessage and allow attackers to send malicious code via SMS
- Two bugs give attackers access to internal memory and data leaks
- Researchers will present their findings at an upcoming conference
A bug that can exploit an error in Apple & # 39; s iMessage remains unparalleled despite a series of repairs last week.
According to ZDNet, while five of the six vulnerabilities discovered by researchers were corrected by last week's iOS 12.4 update, an error – which is not yet detailed – is still ongoing.
The bugs, found by Google Project Zero researchers Natalie Silvanovich and Samuel Groß, are said to be & # 39; no interaction & # 39 ;, meaning they do not require user input to work. Many of the errors affect iMessage.
Five of the bugs discovered by researchers have been corrected, but an undocumented error remains open.
As noted by The edge, four of the errors, including one that is not patched, target victims by sending malicious code in a text message. To attack users, the victim only has to open the message.
The other two patched bugs made use of an error in the iOS memory and enabled attackers to place data from the phone on an external device according to AppleInsider.
Apple & # 39; s iOS error will not be announced until the bug is fully patched according to ZDNet.
Although the bugs were discovered by security researchers whose purpose is to investigate software such as Apple's iOS to improve their security, AppleInsider reports that the bugs were sold on the black market, each with a price tag of $ 1 to $ 4 million to get.
WHICH FLAWS OF iOS WERE DISCOVERED BY RESEARCHERS?
Analysts at Google & # 39; s Project Zero have documented various errors in Apple & # 39; s iOS.
Four of the errors are aimed at iMessage and enable a hacker to send a text message with malicious code.
To initiate an attack, a victim only needs to open the text message.
Two more defects focus on the memory and let attackers look up information from the phone.
One of the bugs has not yet been patched despite the rollout of security updates in iOS 12.4.
Google's Project Zero is behind the documentation of other important security flaws in the past, including a & # 39; serious & # 39; bug reported earlier this year.
The error allowed hackers to exploit an error in Apple & # 39; s MacOS, giving them secret access to internal files.
Researchers behind the identification of the recent series of bugs are planning to present findings at an upcoming BlackHat Security conference next week in Las Vegas.
& # 39; There are rumors of external vulnerabilities that do not require user interaction to attack the iPhone, but limited information is available about the technical aspects of these attacks on modern devices & # 39 ;, read the description of the presentation.
& # 39; This presentation explores the external, interaction-free attack surface of iOS. & # 39;
. [TagsToTranslate] Dailymail