A duo of Google hunting researchers has revealed several "interactionless" vulnerabilities in iOS that allowed hackers to hijack iPhone via iMessage – without even engaging in the malicious texts.
The researchers, Natalie Silvanovich and Samuel Groß, who work with Google's security team Force Project Zero, have so far released details for just five of the six errors found, ZDNet reports. Four of these errors can lead to malicious code execution on external iOS devices without any significant user interaction.
All it takes to successfully execute the attacks is to deliver an infectious message and encourage the recipient to display it.
The reason for withholding the details of one of the bugs is that it has not been adequately addressed by Apple's iOS 1
For more information about the attacks and proof-of-concept evidence, check out this list of companies.
Interestingly, a chart by security firm Zerodium suggests five of the companies are valued at $ 1 million each.
Since the disclosure includes proof-of-concept code to carry out the attacks, iOS users are advised to immediately update to the latest version of iOS.
On August 7, Silvanovich will give a keynote on Black Hat on the topic of interactionless exploits for iPhone and iOS in general. There she will touch on some of the potential vulnerabilities in SMS, MMS, Visual Voicemail, iMessage and Mail that make these attacks possible in the first place.
This is hardly the first time Big G has found a crack in Apple's software. Back in February 2019 iPhone maker had to release a security update after Project Zero researchers uncovered two zero-day vulnerabilities in iOS