iMessage security flaws uncovered – here's what you need to know

Security researchers have urged iPhone users to update their device software immediately following the discovery of vulnerabilities in iMessage.

Researchers from Google's Project Zero discovered five flaws Apple's mobile messaging software that could leave its devices vulnerable to attack.

One of the vulnerabilities they uncovered was so severe that only way to save a targeted iPhone would require deleting all of the data contained on the device. Another vulnerability could even be used to copy files off of a device without any help from the device's owner.

Google established its Project Zero team back in 2014 with the aim of uncovering previously undocumented vulnerabilities and so far it has informed Microsoft, Facebook, Samsung and others regarding problems in their code.

iOS update

Apple is well aware of the seriousness of the vulnerabilities discovered by Google and even its own notes regarding iOS 12.4 show that if left unpatched, the flaws could allow hackers to crash an app or execute their own commands on recent iPhones, iPads and even the new iPod Touch if they happen to discover it.

The iPhone-maker has not commented on the issue specifically but it is urging users to install the latest version of iOS which contains fixes for the vulnerabilities as well as additional glitches and threats. 

While Apple released fixes to these vulnerabilities last week, the researchers also flagged a sixth vulnerability which has not yet been patched in the latest update to iOS.

In a statement, Apple stressed the importance of regularly updating your devices, saying:

“Keeping your software up to date is one of the most important things you can do to maintain your Apple product's security.”

ZDnet, which broke the initial story, noted that Google's researchers had shared enough details about the vulnerabilities that attackers could be able to craft exploits to take advantage of them.

If you own any of Apple's mobile products, it is highly recommended that you update them immediately to avoid falling victim to any potential attacks or exploits.

Via The BBC

No comments yet.

Leave a Reply

in development