Google team finds critical security flaws in iMessage - Mobile World Live

Google team finds critical security flaws in iMessage

01 AUG 2019

Apple’s oft-touted security credentials were tested by reports of a string of bugs in its iMessage app, some of which made it possible for attackers to steal data from iOS devices.

Security researchers at Google uncovered six major vulnerabilities, four of which would automatically execute malicious code when malformed messages were viewed in the app. The remaining two allowed attackers to remotely read and leak files stored on a user’s device.

Natalie Silvanovich, a member of Google’s Project Zero cybersecurity team who helped discover the flaws, described them on Twitter as “interactionless”, meaning the attacks could be carried out without additional action from users.

Apple patched five of the bugs in its recently issued iOS 12.4 update, but Silvanovich noted the sixth remained unresolved. She said the Project Zero team is withholding details about the vulnerability until it is fixed.

ZDNet estimated the six exploits could have sold for a total of up to $24 million on the black market.

Back

Author

Diana Goovaerts

Diana joins Mobile World Live as its new US Editor, reporting on infrastructure and spectrum rollouts, regulatory issues, and other carrier news from the US market. Diana comes to GSMA from her former role as Editor of Wireless Week and...

Read more

Related

Tags