Apple users should upgrade to iOS 12.4 immediately to patch their devices against a series of dangerous vulnerabilities.
Researchers from Google’s Project Zero team discovered a number of exploits that require virtually no interaction from the user.
“All an attacker needs to do is to send a malformed message to a victim's phone, and the malicious code will execute once the user opens and views the received item,” according to ZDNet.
These bugs could allow attackers to exploit iPads, iPhones, and iPod Touch devices by:
The only way to reverse the damage from one of the bugs is to reboot and restore a device, deleting all of its data.
While iOS 12.4 patched five of the vulnerabilities, one remains unpatched.
“We are withholding CVE-2019-8641 until its deadline because the fix in the advisory did not resolve the vulnerability,” tweeted Natalie Silvanovich, one of the researchers on this effort.
Silvanovich is speaking on remote, interactionless iPhone attacks on Aug. 7 in Las Vegas at the Black Hat USA conference.
For what it’s worth, these vulnerabilities fetch large sums of money on the exploit market.
ZERODIUM pays up to $1 million for each remote code execution exploit. ZDNet’s analysis, then, figures that the Google researchers have come across vulnerabilities worth up to $5 million.
Meanwhile, Crowdfense pays around $3 million apiece for such vulnerabilities. ZDNet values the six at between $20 million and $24 million.
We reiterate the importance of upgrading to iOS 12.4.
After all, “keeping your software up to date is one of the most important things you can do to maintain your Apple product's security.”
If you'd like help in understanding how this issue could affect your business, or you want to increase security in your organization, please contact Integrity to learn how we can help you.