Patch Up That iThang; A Half Dozen Interactionless Vulnerabilities Are Looking For You
What Were You Doing Before You Didn’t Do Anything?
The good news is that upgrading to iOS 12.4 will protect you from five recently discovered security issues with iMessage; the bad news is that there were six revealed. Researchers from Google’s Project Zero uncovered a half dozen bugs which attackers can exploit without any input or interaction required by you on the phone. The attacks are triggered by receiving an iMessage containing malicious code, you don’t have to open them as their arrival is enough to leverage the vulnerability.
The Inquirer lists the details of the five patched flaws, which allow an attacker to intercept communications, cause apps to crash, trigger arbitrary code execution and remotely read or leak files. As the sixth has yet to be patched, the details have not yet been released but hopefully a patch is soon forthcoming.
Project Zero researchers Natalie Silvanovich and Samuel Groß uncovered the bugs and noted that they are "interactionless", meaning they can be exploited without needing the target to do anything thanks to a vulnerability in iMessage.