Google researchers find six major security vulnerabilities in Apple’s iOS


The now-patched flaws will be discussed next week at a security conference

Two members of Project Zero, Google’s bug-finding team, have disclosed that they discovered six security vulnerabilities in Apple’s iOS operating system.

Five of the bugs were fully patched in the iOS 12.4 update released on July 22, but one vulnerability remains unpatched. The researchers who spotted the bugs, Natalie Silvanovich and Samuel Groß, are holding off on sharing the details of the unpatched vulnerability until after a 90-day disclosure deadline has passed.

The other bugs will be discussed and exploited in real time at the Black Hat security conference in Las Vegas next week.

Remote vulnerabilities

In a series of tweets, Silvanovich explained that most of the bugs discovered were “interactionless,” meaning malicious code from hackers doesn’t require significant user interaction in order to be executed.

During her presentation at the Black Hat security conference, Silvanovich will discuss “the remote, interaction-less attack surface of iOS” and the “potential for vulnerabilities in SMS, MMS, Visual Voicemail, iMessage and Mail.” She will also play out two examples of vulnerabilities discovered.

ZDNet notes that bugs of this type are in high demand among hackers and would have sold for over $5 million on the black market.
