
Google Reveals Multiple Remote iPhone Flaws

Researchers at Google’s Project Zero have disclosed six vulnerabilities in Apple’s iMessage client that could be used to carry out attacks on iOS devices, such as the iPhone, with no user interaction.

All six of the issues were patched in Apple’s iOS 12.4 release last week, but Google withheld the details of one of the bugs, saying Apple’s fix had not fully addressed the issue.

Such flaws are particularly dangerous because they can be exploited without the user’s knowledge.

Four of the bugs can allow malicious code to be executed on a remote device by sending a specially crafted message to the user’s client, according to Google.

Exploit code

Those bugs are CVE-2019-8647, CVE-2019-8660, and CVE-2019-8662, with the fourth, CVE-2019-8641, being kept under wraps for the time being.

“We are withholding CVE-2019-8641 until its deadline because the fix in the advisory did not resolve the vulnerability,” said Natalie Silvanovich, one of the two researchers who discovered the flaws, on Twitter.

Google has provided sample exploit code for the other three bugs, meaning it would be relatively easy for attackers to make use of the flaws.

Users can mitigate this risk by applying the iOS update right away.

Remote flaws

The other two bugs, CVE-2019-8624 and CVE-2019-8646, allow an attacker to obtain data from a device’s memory and read files from a remote device, according to Apple’s own notes on the issues.

Silvanovich is set to hold a talk on iOS bugs that can be exploited remotely without user interaction at the Black Hat security conference next week in Las Vegas.

Project Zero’s Samuel Groß also contributed to work on finding the six flaws.

ZDNet reported earlier on the iMessage bugs.

Apple’s Group FaceTime was hit by an embarrassing eavesdropping glitch earlier this year that forced it to temporarily disable the service.

Like the flaws discovered by Google, the FaceTime issue could be exploited remotely without user interaction.

Matthew Broersma

Matt Broersma is a long-standing tech freelance who has worked for Ziff-Davis, ZDNet and other leading publications.
