A team of Google software experts has released details of five bugs in Apple’s iMessage software that might place its devices at risk of attacks. In one of these cases, the flaw in the software was so bad that there was only one way to save a targeted iPhone: delete every bit of data on it.
The second example is a bug that could be exploited to copy all the files on an Apple device without the owner being involved. According to the researchers, there is also a sixth problem that has so far not been addressed in any update of the mobile operating system.
University of Surrey cybersecurity expert Professor Alan Woodward called it unusual and added: “The reputation of the Google Zero team is such that it is worth taking notice of.”
Since it was established five years ago, the team has uncovered bugs in software released by, among others, Facebook, Microsoft and Samsung.
Apple’s in-house notes on iOS 12.4 show that the unresolved bug could provide hackers with a means to crash apps or execute foreign commands on recent iPhones, iPod Touches and iPads.
Apple urged iOS device owners to install the latest version immediately since it addresses the issues raised by Google and also some other threats and glitches. The company said in a statement: “Keeping your software up to date is one of the most important things you can do to maintain your Apple product’s security.”
ZDnet first reported the issue, warning that Google has shared enough details to allow hackers to develop exploits. The site urged users to install iOS 12.4 immediately.
Google researcher Natalie Silvanovich will release more details of their findings on not only iMessage but also Visual Voicemail and Apple’s Mail app at the Black Hat conference in Las Vegas next month. Apple will also send one of its security chiefs to deliver a presentation on Mac and iOS security.