Apple has always tried to be the poster child of safeguarding user privacy, through its walled garden operating system and applications.
However, recent events have not really supported this notion. And this new discovery (surprisingly by a team at Google) regarding iMessage is definitely something that'll shake the users of this messaging app.
AFP/ Reuters
According to some discoveries by Google's elite bug-hunting squad Project Zero, there are some major bugs in the iMessage client on iOS that can cause irreversible damage to the security of the user.
The members of Project Zero Natalie Silanovich and Samuel Grob have gone ahead and published details, as well as a proof of concept code of an 'interactionless' security bug. While Apple claims that they have fixed these bugs with the newest iOS 12.4 update, people at Project Zero state that it isn't fixed yet, and have kept the details private.?
But they have revealed what the security bugs are truly capable of doing. As per the researchers, four bugs, out of the 6 discovered have the ability to execute malicious code on a remote iOS device, without the need of any interaction (hence the term interactionless) All the attacker needs to do is send the infected message to an iMessage user, and upon him/her opening the message, the code will start running automatically.
The four bugs are named- CVE-2019-8641, CVE-2019-8647, CVE-2019-8660, and CVE-2019-8662.
Reuters
The remaining two bugs are more dangerous than the aforementioned four. Bugs, CVE-2019-8624 and CVE-2019-8646, have the ability to let the attacker read data from the victim's device memory, that too on a remote device.
The researchers will also be holding a presentation about these vulnerabilities at the Black Hat Security Conference in Las Vegas, next week.
It is strongly advised that users on iOS update their device to the latest version, even if you don't use iMessage that often, to keep your device and its data safe from cyber attackers.?