iMessage is going to be the primary way for iOS attackers. As the iPhone messaging service is showing quite a lot of security flaws lately. After resolving the latter, a Google security engineer has rediscovered a critical bug on the platform. It allows an attacker to gain access to private data stored on an iPhone.
The most serious iOS bugs we have encountered in recent months were related to Apple’s communication apps. At the beginning of the year, FaceTime allowed a user to be heard and even seen before a call was answered on the iPhone, even without the “victim” knowing. Now the problem is even greater because the iOS 12 bug that affects the app allows access to the data we store on the phone.
Up to 5 different bugs in iMessage
Natalie Silvanovich has been the security researcher who is part of the Google team. They claims to have discovered not one or two, but up to five bugs in iMessage. Apple has already informed about all of them.
Most of them are failures that affect operations since they affect remote memory that can cause unexpected closures in the app. However, there is one, identified as CVE-2019-8646, that allows “an attacker to read files from a remote device with no user interaction”. In other words, it is a backdoor for cybercriminals to access iPhone content. Using this iOS 12 bug and specifically iMessage.
All of these vulnerabilities have already been reported to Apple and are subject to 90-day disclosure policy. As per the Project Zero program. The company has already included a patch in iOS 12.4. So iPhone users are recommended to install the new software update as soon as possible. Apple hasn’t said a single word about this vulnerability patched in the latest stable update for iOS.