Two security researchers from Google’s bug-hunting team have discovered six critical flaws with iMessage that leave your phone vulnerable even if you don’t interact with it.
Known as “interactionless” security bugs, these are perhaps the most dangerous kind of bugs out there. Luckily, all of these security issues have been patched already with last week’s iOS 12.4 update.
According to one of the researchers, these vulnerabilities have been kept private because Apple’s 12.4 patch has been unable to fully resolve them – hence details on these security flaws are still scarce.
These “interactionless” bugs can be exploited on a remote iOS device without the user doing anything specific to trigger them. All the attacker has to do is send a message with malicious code in it and wait for the user to open it.
Some of these can even break into your device’s memory and read your files – with no user interaction.
And since these interactionless security bugs are in such high demand amongst hackers, they can be sold on the black market for as much as $5 million.
It’s a bit perplexing how security researchers from Google are digging into iOS to expose vulnerabilities when Android itself has vulnerabilities showing up time and time again.
In any case, users are advised to download the latest security updates and patches as soon as they become available to avoid being at risk of malicious attacks.