A representational image. The four security flaws discovered by Google's security researchers are CVE-2019-8641 (details kept private), CVE-2019-8647, CVE-2019-8660 and CVE-2019-8662. Photo: Bloomberg
A representational image. The four security flaws discovered by Google's security researchers are CVE-2019-8641 (details kept private), CVE-2019-8647, CVE-2019-8660 and CVE-2019-8662. Photo: Bloomberg

Google researchers find 6 iOS security flaws

  • Two members of 'Project Zero' have published details and demo proof-of-concept code for five of six 'interactionless' security bugs
  • The bugs impact the iOS operating system and can be exploited via the iMessage client

San Francisco: Google security researchers team have found six critical flaws in Apple iMessage that can compromise the user's phone without even interacting with them. These security vulnerabilities fall into the 'interactionless' category.

Two members of 'Project Zero', Google's elite bug-hunting team, have published details and demo proof-of-concept code for five of six 'interactionless' security bugs that impact the iOS operating system and can be exploited via the iMessage client, the ZDNet reported on Tuesday.

Details about one of the 'interactionless' vulnerabilities have been kept private because Apple's iOS 12.4 patch did not completely resolve the bug, according to Natalie Silvanovich, one of the two Google Project Zero researchers who found and reported the loophole.

The four security flaws are CVE-2019-8641 (details kept private), CVE-2019-8647, CVE-2019-8660 and CVE-2019-8662.

The fifth and sixth bugs CVE-2019-8624 and CVE-2019-8646 can allow an attacker to leak data from a device's memory and read files off a remote device, also with no user interaction, the report added.

All the six security bugs were patched last week in July with the iPhone maker's iOS 12.4 release.

This story has been published from a wire agency feed without modifications to the text.

Close