Google's Security Analysts Found Vulnerabilities in iOS

Viswamitra Jayavant - Aug 23, 2019



Several secret vulnerabilities in iOS have been patched in the iOS 12.4 update. Surprisingly, they were found by Google analysts.

iOS has a reputation for security, but even a newcomer to the tech space understands that nothing is completely airtight. Earlier this month, up to six critical security vulnerabilities were found and patched by Apple via the latest update to iOS 12.4. Surprisingly, the vulnerabilities were actually found by a team of security analysts at Google.

Project Zero

The two figures behind the discovery, Natalie Silvanovich and Samuel Groß, are both part of Google’s relatively unknown bug-hunting team, Project Zero. After finding and verifying the issues, the two quickly reported them to Apple, which took swift action to ensure that the OS is not compromised by the bugs.


Silvanovich gave a demonstration to security experts and enthusiasts at the infamous Black Hat security conference scheduled to be hosted in Las Vegas the first week of August. The demo included details on the vulnerabilities, as well as a showcase of the exploits in action.

"Interaction-Less Bugs"

Most of the critical flaws that were found by Google’s team were deemed “interaction-less” bugs, which are considerably more dangerous than the typical kind. The reason is that they can be triggered using a remote iOS device and do not require tampering or direct contact with the victim’s device. It can be as easy as sending the victim’s iOS device an iMessage text containing a string of malicious code. Once the victim opens up the code, the exploit would be in full swing.

The exploit can be activated with a mechanism as simple as an iMessage text.

It’s understandable that bad actors would love to get their hands on such vulnerabilities, considering how convenient and easy they are to deploy. That’s why such “interaction-less” bugs are in extremely high demand in the darker parts of the Internet. According to a report, detailed documentation and even tools to help in exploiting similar flaws can be sold for up to $5 million on the black market.

Update Note

Although most of the security flaws have been confirmed and patched by Apple following the recent iOS 12.4 update, the company and the team are both holding back on releasing details about one final vulnerability for which they have not yet found a patch. Nonetheless, all iOS users are encouraged to update to the latest version to ensure that their personal devices are secured and to stop any significant security risks from developing.

