Latest in Gear

Image credit: NurPhoto via Getty Images

Google researchers discovered serious iOS security flaws

The vulnerabilities reportedly would have sold on the black market for up to $5 million.
496 Shares
Share
Tweet
Share
Save

Sponsored Links

NurPhoto via Getty Images

Six critical security vulnerabilities that were patched in the iOS 12.4 update released earlier this month were originally discovered by security researchers at Google. Natalie Silvanovich and Samuel Groß, two members of Google's Project Zero bug-hunting team, alerted Apple to the issues. Silvanovich will be laying out the details on several of the bugs and provide a demonstration of exploits in action at the Black Hat security conference set to be held in Las Vegas next week.

The majority of the vulnerabilities discovered by Google were so-called "interactionless" bugs, meaning they can be executed on a remote iOS device without requiring any sort of direct interaction with the phone. An attacker simply has to send malicious code via iMessage and wait for the victim to open it. Because these "interactionless" bugs are in high demand for hackers, the security flaws discovered would have sold on the black market or other seedy parts of the internet for as much as $5 million apiece, according to ZDNet.

While Apple largely addressed these significant security flaws with the release of iOS 12.4 on July 22nd, the researchers are holding back on revealing the details of one vulnerability that has not yet been fully patched. Users are advised to keep their phones up to date and download updates as soon as they become available in order to avoid any significant security risks.

All products recommended by Engadget are selected by our editorial team, independent of our parent company. Some of our stories include affiliate links. If you buy something through one of these links, we may earn an affiliate commission.
Comment
Comments
Share
496 Shares
Share
Tweet
Share
Save

Popular on Engadget

Spotify may be in talks to buy culture outlet The Ringer

Spotify may be in talks to buy culture outlet The Ringer

View
Boeing finds another software flaw that might delay 737 Max's return

Boeing finds another software flaw that might delay 737 Max's return

View
Law enforcement is using a facial recognition app with huge privacy issues

Law enforcement is using a facial recognition app with huge privacy issues

View
Microsoft will fix an Internet Explorer security flaw under active attack

Microsoft will fix an Internet Explorer security flaw under active attack

View
Hitting the Books: Hackers can convince your IoT devices to betray you

Hitting the Books: Hackers can convince your IoT devices to betray you

View

From around the web

Page 1Page 1ear iconeye iconFill 23text filevr