contador web Skip to content

Google discovers iMessage flaws that can expose iPhone files | Security

Google researchers have discovered six security holes in iOS, the operating system of Apple's mobile devices, that would allow cybercriminals to break into the user's iPhone. Most of the vulnerabilities focus on the iMessage application or platform messenger based services. Last Monday (22), the iPhone maker released the download of iOS 12.4, an update that corrected five of the six loopholes, among other changes.

According to Natalie Silvanovich and Samuel Gro, researchers at Google Project Zero, all vulnerabilities are classified as "no interaction". This means that they could be executed without the user interacting with tools or services. By exploiting the bug, criminals could steal personal data or even read files and other data from the device.

What is iMessage on iPhone? See how Apple's messenger works

IPhone iMessage security flaws (iOS) allow remote access to user's device Photo: Disclosure / AppleIPhone iMessage security flaws (iOS) allow remote access to user's device Photo: Disclosure / Apple

IPhone iMessage security flaws (iOS) allow remote access to user's device Photo: Disclosure / Apple

Want to buy a cell phone, TV and other discounted products? Meet the Compare dnetc

Four of the six security holes, including the one not yet fixed by Apple, allow attackers to send a message containing malicious code to the phone. The infected text would be executed as soon as the user opened the message. The two remaining breaches occur due to a problem with the device's memory. It is noteworthy that the bugs only reach devices running iOS 12 or later.

iPhone with iOS 13? Learn all about Apple's new operating system

iPhone with iOS 13? Learn all about Apple's new operating system

The failures are estimated to be worth more than $ 1 million in the illegal market. The information is on price lists of Zerodium, the US information security company. The ZDNet website, the Crowdfense vulnerability research center said that because these were vulnerabilities present in recent versions of iOS that allow attacks without interaction, they could easily be valued at between $ 2 million and $ 4 million each. $ 7.6 million to $ 15.2 million in direct conversion).

Details about the five corrected errors were posted online, but the final breach remains confidential until it can be corrected by Apple. In the meantime, it is important that all iPhone users upgrade their devices to iOS 12.4.