Two Google employees, Natalie Silvanovich and Samuel Groß, discovered six flaws that affect iOS, allowing remote hacking and code execution on the iPhone, iPad and iPod Touch. The positive side of this discovery is that iOS 12.4, released last week, corrects almost all of them in the gadgets where it can be installed.
The duo is part of Project Zero, the internal division of the search giant that is responsible for hunting for security breaches. Of the six loopholes, four do not depend on almost any user attitude to stay active, which considerably increases the risk for device owners.
For a person to receive the malicious package, simply receive a message through iMessage and open its contents. Of all the flaws found, five have already been documented and released for public consultation, while one remains secret and will only be released as soon as Apple releases the fix for it – as iOS 12.4 has not yet solved the problem.
According to security firm Zerodium, each breach is worth $ 1 million. Next week Natalie Silvanovich will make a presentation during the Black Hat conference in Las Vegas and this type of failure (which does not require user action) will be addressed.
If you have an iPhone, iPod Touch or iPad that can be upgraded to iOS 12.4, it may be interesting to move on with the update so you don’t suffer from an invasion, right?