Threat Watch

Critical iMessage Vulnerability Discovered by Google Researchers

The iMessage vulnerability addressed last year as CVE-2019-8641 and deemed critical with a CVSS score of 9.8 had technical details published by Google’s Project Zero team recently. iOS versions 12 or later are affected by the vulnerability that could allow attackers to unexpectedly terminate applications or execute arbitrary code. Groß, one of the Google Project Zero researchers elaborated further and said that if an attacker knows the Apple ID of their target, they can gain control of the device with minimal effort. Through this process, data such as files, passwords, authentication codes, emails, SMS messages could end up in the hands of the attacker. This also makes it very easy to gain access to the microphone and camera to allow for further eavesdropping. A proof-of-concept exploit targeting iPhone XS running iOS 12.4 is available on the Project Zero issue 1917 discussion board.

Subscribe to Threat Watch

Daily summaries of threats, delivered straight to your inbox!


Click Here to Subscribe to Threat Watch

ANALYST NOTES

Any users who have not yet should download iOS 12.4.2 for iPhone 5S, iPhone 6, iPhone 6 Plus, iPad Air, iPad Mini 2, iPad Mini 3, and iPod Touch 6th generation. The vulnerability has also been patched in macOS Mojave 10.14.6, watchOS 5.3.2, and tvOS 12.4.

Sources: https://cyware.com/news/google-researchers-publish-technical-details-of-critical-imessage-vulnerability-eb76a143

https://bugs.chromium.org/p/project-zero/issues/detail?id=1917#c6

Facebook Twitter Instagram Youtube Linkedin
Solutions
Become a Reseller

Industries

Resources

About

Contact Us
Contact Support