Google security researchers have discovered a total of six vulnerabilities in Apple's iOS software, of which the iPhone manufacturer is not yet successful. ZDNet reports that the errors were discovered by two Google Project Zero researchers, Natalie Silvanovich and Samuel Groß, and five of them were patched with iOS 12.4 update from last week, which contained various security solutions.
All vulnerabilities discovered by the researchers are & # 39; interaction-free & # 39 ;, meaning that they can be executed without any user interaction and abuse of a vulnerability in the iMessage client. Four of them (including the unpatched vulnerability) rely on an attacker to send a malicious code message to an unpaired phone and execute it as soon as a user opens the message. The remaining two rely on a memory exploitation.
Details of the five patched bugs are published online, but the last remaining bug remains confidential until it can be addressed by Apple. Anyway, if you haven't updated your iPhone to iOS 12.4, this might be a good time. Silvanovich will give a lecture next week about interaction-free iPhone attacks Black Hat security conference in Las Vegas.
We are lucky that these vulnerabilities have been discovered by security researchers who had no interest in exploiting them for their own benefit. ZDNet notes that such bugs are invaluable for interception tool and surveillance software manufacturers, and that the right buyer would probably pay millions to get access to Apple before defending his software. By making these bugs known to Apple, these security researchers have done a service to iOS users worldwide.