Threat Watch

Critical iMessage Vulnerability Discovered by Google Researchers

Google’s Project Zero team recently published technical details of the iMessage vulnerability that was addressed last year as CVE-2019-8641 and rated critical with a CVSS score of 9.8. The vulnerability affects iOS versions 12 or later and could allow attackers to unexpectedly terminate applications or execute arbitrary code. Groß, one of the Google Project Zero researchers, elaborated further and said that an attacker who knows the Apple ID of their target can gain control of the device with minimal effort. Through this process, data such as files, passwords, authentication codes, emails, and SMS messages could end up in the hands of the attacker. It also makes it very easy to gain access to the microphone and camera for further eavesdropping. A proof-of-concept exploit targeting iPhone XS running iOS 12.4 is available on the Project Zero issue 1917 discussion board.


Any users who have not yet done so should download iOS 12.4.2 for iPhone 5S, iPhone 6, iPhone 6 Plus, iPad Air, iPad Mini 2, iPad Mini 3, and iPod Touch 6th generation. The vulnerability has also been patched in macOS Mojave 10.14.6, watchOS 5.3.2, and tvOS 12.4.