Two Google security researchers have identified six security vulnerabilities in iOS. Natalie Silvanovich and Samuel Groß, two researchers from Google’s bug-hunting team ‘Project Zero’, have identified these bugs. All six bugs were patched in iOS 12.4 update. But researchers have not released details about one vulnerability as Apple yet to patch it completely.
All of the bugs are “interactionless”, means they won’t need any interaction from the user to work. According to the researcher, four of the six security bugs can lead to the execution of malicious code on a remote iOS device. The attacker just needs to send malicious code via iMessage and the malicious code will execute once the user opens and views the received item. One of these fours bugs is yet to patched fully. The remaining two rely on a memory exploit and read files off a remote device.
These types of ‘interactionless’ bugs are in high demand in the hacker’s market. Right buyers can give millions for these exploit before Apple can patch them. We’re lucky that these vulnerabilities were discovered by security researchers who had no interest in exploiting them for their own benefit.
It is always a good idea to install security patches as soon as possible. And in this case, if you have not installed the iOS 12.4 update then you should do it right now.
