We review products independently, but we may earn affiliate commissions from buying links on this page. Terms of use. If you own an iOS device such as an iPhone or iPad, install iOS 12.4 as soon as possible. It fixes most, but not all security vulnerabilities recently discovered by Google's Project Zero security team, which require no interaction by the user to be exploited. As ZDNet reports, Google employs a team of security analysts under the banner of Project Zero tasked with discovering zero-day vulnerabilities and informing the relevant company so they can be fixed rather than exploited. Two Project Zero security researchers (Natalie Silvanovich and Samuel Groß) recently discovered six iOS vulnerabilities and reported them to Apple. The problem is, Apple released iOS 12.4 last week with patches for all six vulnerabilities, but one still remains exploitable even with the patch applied. All six are serious security flaws and deemed "interactionless," meaning no user input is required for them to exploit an iOS device. An attack comes in the form of a malformed iMessage. Four of the vulnerabilities use malicious code attached to a message which gets executed automatically when the message is opened. The other two rely on memory leaks to access data on the device remotely. Because Apple has only successfully fixed five of the six exploits, Project Zero decided to only publish details and demo code for five of the bugs (CVE-2019-8624, CVE-2019-8646, CVE-2019-8647, CVE-2019-8660, and CVE-2019-8662), therefore allowing Apple more time to release another patch. If you're wondering how much these exploits would be worth on the open market, each could easily sell for over $1 million. Until the final exploit has been properly patched, iOS users should be extra cautious as to the messages they choose to open in iMessage. One of the researchers, Natalie Silvanovich, will be giving a presentation next week at the Black Hat security conference in Las Vegas on remote and interactionless iPhone exploits.
Wir nutzen Cookies auf unserer Website. Einige von ihnen sind essenziell für den Betrieb der Seite, während andere uns helfen, diese Website und die Nutzererfahrung zu verbessern (Tracking Cookies). Sie können selbst entscheiden, ob Sie die Cookies zulassen möchten. Bitte beachten Sie, dass bei einer Ablehnung womöglich nicht mehr alle Funktionalitäten der Seite zur Verfügung stehen.
We review products independently, but we may earn affiliate commissions from buying links on this page. Terms of use. If you own an iOS device such as an iPhone or iPad, install iOS 12.4 as soon as possible. It fixes most, but not all security vulnerabilities recently discovered by Google's Project Zero security team, which require no interaction by the user to be exploited. As ZDNet reports, Google employs a team of security analysts under the banner of Project Zero tasked with discovering zero-day vulnerabilities and informing the relevant company so they can be fixed rather than exploited. Two Project Zero security researchers (Natalie Silvanovich and Samuel Groß) recently discovered six iOS vulnerabilities and reported them to Apple. The problem is, Apple released iOS 12.4 last week with patches for all six vulnerabilities, but one still remains exploitable even with the patch applied. All six are serious security flaws and deemed "interactionless," meaning no user input is required for them to exploit an iOS device. An attack comes in the form of a malformed iMessage. Four of the vulnerabilities use malicious code attached to a message which gets executed automatically when the message is opened. The other two rely on memory leaks to access data on the device remotely. Because Apple has only successfully fixed five of the six exploits, Project Zero decided to only publish details and demo code for five of the bugs (CVE-2019-8624, CVE-2019-8646, CVE-2019-8647, CVE-2019-8660, and CVE-2019-8662), therefore allowing Apple more time to release another patch. If you're wondering how much these exploits would be worth on the open market, each could easily sell for over $1 million. Until the final exploit has been properly patched, iOS users should be extra cautious as to the messages they choose to open in iMessage. One of the researchers, Natalie Silvanovich, will be giving a presentation next week at the Black Hat security conference in Las Vegas on remote and interactionless iPhone exploits.