The iMessage vulnerability addressed last year as CVE-2019-8641 and deemed critical with a CVSS score of 9.8 had technical details published by Google’s Project Zero team recently. iOS versions 12 or later are affected by the vulnerability that could allow attackers to unexpectedly terminate applications or execute arbitrary code. Groß, one of the Google Project Zero researchers elaborated further and said that if an attacker knows the Apple ID of their target, they can gain control of the device with minimal effort. Through this process, data such as files, passwords, authentication codes, emails, SMS messages could end up in the hands of the attacker. This also makes it very easy to gain access to the microphone and camera to allow for further eavesdropping. A proof-of-concept exploit targeting iPhone XS running iOS 12.4 is available on the Project Zero issue 1917 discussion board.
With all the news around COVID-19/Coronavirus, the average person is turning to the internet for