Behind every vulnerability in one of today's major operating systems, iOS, there is a real "market" in which developers and researchers or hackers look for these flaws, driven by the well-known "bounty programs".
This is generally a healthy relationship for both businesses and users, who are not affected by problems that these professionals discover in advance. That's exactly what happened recently when two Google researchers discovered six vulnerabilities in iOS, as disclosed by ZDNet.
The members of Project Zero, the team of "bug hunters", published details of the vulnerabilities and demonstrated proofs of concept for five of the six "no-interaction" flaws (i.e. requiring no user activity to be affected) involving iOS.
According to Apple, all six bugs have been fixed in iOS 12.4, launched last week, but the Google researchers claimed that was not exactly the case. In short, two of the six bugs could execute malicious code without the need for user interaction: the attacker just needed to send a message with certain code to a given device, whether by iMessage, SMS or email, for it to be viewed. Details about the other four flaws were not disclosed.
As we said, these system errors can become very expensive products in certain markets. According to the Zerodium price table, if discovered by malicious people, the latest vulnerabilities could be worth over $1 million each, so it's not an exaggeration to say that the researchers published details about iOS issues that could cost more than $5 million.
If you haven't upgraded to iOS 12.4 yet, maybe this is a good time for that. Many hackers exploit certain vulnerabilities (albeit already fixed) after they are published, knowing that there are a large number of users who do not immediately update their devices.