قالب وردپرس درنا توس
Home / Apple / Google scientist details iOS exploit that can take over an iPhone with a text message – BGR

Google scientist details iOS exploit that can take over an iPhone with a text message – BGR



As a general rule, if you avoid clicking suspicious links that may appear on your phone – whether sent via text message or displayed as a pop-up ad in your browser – the odds of your device being infected with malware is slim to none.

Despite the fact that security researchers from the Google Project Zero team recently unveiled a sophisticated exploit that would allow a malicious actor to take control of a targeted device without any interaction from the device owner at all. As Google scientist Natalie Silvanovich detailed during a presentation at the Black Hat security conference this week, there are a handful of iOS 12 exploits – which have since been lapped by Apple with iOS 1

2.4 – that can allow a third party to take full control of a device just by to send over a text message.

"These can be turned into the kind of error that will execute code and can eventually be used for armed things like access to your data," Silvanovich said in comments obtained by Cable . "So at worst, these are the bugs used to harm users.

Interestingly, Silvanovich noted that she found no similar exploits involving regular SMS, MMS and visual voicemail. However, iMessage provided a surprising number of exploits, a fact that may be attributed to how feature rich the application is.

Wired notes:

This may be because iMessage is such a complex platform that offers a variety of communication options and features, including Animojis, rendering of files that photos and videos and integration with other apps – everything from Apple Pay and iTunes to Fandango and Airbnb, all of these extensions and connections increase the likelihood of bugs and weaknesses.

In the open market, an interaction-free iOS bug like the ones discovered by Silvanovich and her Project Zero partner Samuel Groß, easily sold for millions of dollars, in other words, it's fortunate that iOS 12 utilizes the thoughts were uncovered by Google's Project Zero team unlike any other.

At this point, you may remember that a Dubai-based startup last year started offering hackers upwards of $ 3 million for zero-day iOS exploitation. In the past, you might remember that a company called Zerodium paid $ 1 million to a group of hackers who somehow came to remove jailbreak from an iPhone.

Silvanovich's presentation deck can be seen in full here.

Source: Photo by JIM LO SCALZO / EPA-EFE / Shutterstock


Source link