From this week’s NCSC Weekly Threat Report: 2nd August 2019
Google highlights vulnerabilities found in iMessage
Five flaws in Apple’s iMessage software could make devices vulnerable to attack according to bug-hunters at Google.
In one example, the researchers commented that the only way to rescue a targeted iPhone would be to delete all the data from it whilst another highlighted issue could see files being copied from a device without the owner actually doing anything to aid the hack.
Apple released fixes last week that would protect devices from these flaws. Recovering devices affected will result in all data being wiped.
A sixth flaw was also reported to Apple by the bug-hunters which, at the time of writing, has not yet been rectified.
In their own notes about iOS 12.4, Apple have indicated that the unfixed flaw could give an attacker the opportunity to crash an app or execute commands. iPhone 5 and later, iPad Air and later, and iPod Touch 6th generation and later could all potentially be affected.
Apple have not commented on this specific issue but have told users to update devices to the latest version of iOS which addresses Google’s other discoveries as well as a number of other issues.
Weaknesses in software and apps can allow cyber criminals to take advantage of your unsecured devices. One of the best forms of defence is to ensure your devices have the latest software and app updates issued by the provider.
The Project Zero bug report:
The Fully Remote Attack Surface of the iPhone
(Wednesday, August 7, 2019)
The last security update to iOS12.4 was August 1, per:
Apple security updates
