Two Google Project Zero bug hunters (Silvanovich and Samuel Groß) have revealed details of an iOS security flaw that could be exploited via iMessage. According to the research team, a total of six “interactionless” security bugs affected iOS, and Apple patched only five of them in last week's iOS 12.4 release.
Google’s elite bug-hunting team has revealed details of only the five patched security flaws, keeping the last one private. Apple had previously been informed of the bugs, and fixing them was the primary intent behind the July 22nd iOS 12.4 update.
Four of the bugs involve a hacker sending a malformed message containing malicious code, which executes once a user opens the message to view it, while the last two flaws utilize a memory exploit.
For those who have not yet installed the recent iOS update, now is the time. It is always recommended to update software as soon as an update is available, because updates often address threats that you may not be aware of.
According to ZDNet, the exploits could be worth around $10 million. The site also states that another exploit vendor values the bugs at around $2 to $4 million each, which translates to a total value of between $20 and $24 million.
Silvanovich, one of the security researchers, is expected to give a presentation on the bug next week at a Black Hat security conference set to be held in the US.