
Apple iMessage Security: How Anyone Can Take Over Your Phone With A Fake Message

Posted by Integrity Staff on August 5, 2019 at 10:00 AM


Apple users should upgrade to iOS 12.4 immediately to patch their devices against a series of dangerous vulnerabilities. 

Researchers from Google’s Project Zero team discovered a number of vulnerabilities that can be exploited with virtually no interaction from the user.

“All an attacker needs to do is to send a malformed message to a victim's phone, and the malicious code will execute once the user opens and views the received item,” according to ZDNet.

These bugs could allow attackers to exploit iPads, iPhones, and iPod Touch devices by:

  1. Executing malicious code on a remote device.
  2. Siphoning data from a device’s memory.
  3. Copying files off a remote device.

The only way to reverse the damage from one of the bugs is to reboot and restore a device, deleting all of its data.

 

Software upgrades should be part of a security awareness training strategy. Find out what else you need to increase security awareness at your organization with our free guide.

 

Did Apple Fix All Of The Issues?

Not quite.

While iOS 12.4 patched five of the vulnerabilities, one still remains at large. 

“We are withholding CVE-2019-8641 until its deadline because the fix in the advisory did not resolve the vulnerability,” tweeted Natalie Silvanovich, one of the researchers on this effort. 

Silvanovich is speaking on remote, interactionless iPhone attacks on Aug. 7 in Las Vegas at the Black Hat USA conference. 

 

How Serious Are These Bugs?

For what it’s worth, these vulnerabilities fetch large sums of money on the exploit market. 

ZERODIUM pays up to $1 million for each remote code execution exploit. ZDNet’s analysis, then, figures that the Google researchers have come across vulnerabilities worth up to $5 million. 

Meanwhile, Crowdfense pays around $3 million apiece for such vulnerabilities. ZDNet values the six at between $20 million and $24 million.

Again, we reiterate the importance of upgrading to iOS 12.4. 

After all, “keeping your software up to date is one of the most important things you can do to maintain your Apple product's security.”

If you'd like help in understanding how this issue could affect your business, or you want to increase security in your organization, please contact Integrity to learn how we can help you. 

