iPhone/iPad Users: Update Immediately

By John Lister

Google says it has found half a dozen major security flaws in Apple's iPhone messaging system. A new iOS update fixes five of the problems, but Google says one remains unpatched.

The flaws were discovered by Google's Project Zero, a department that takes its name from the idea of "zero day" bugs. A zero-day bug is one that would-be hackers become aware of before the relevant software developers are able to patch it. Zero-day bugs are then exploited, which often results in a rogue program gaining elevated privileges.

The problems are with iMessage, the instant messaging service available to iPhone and iPad users that lets them message other Apple users without incurring charges or using up SMS allowances. It's also possible to run iMessage on Mac computers, though portable devices are the biggest problem in this case.

Device Files Could Be Copied

Of the five flaws Google detailed, two stood out. One would allow a rogue message to access parts of the device's memory that should be off-limits. That in turn could allow an attacker to remotely copy files from the device without having to trick the user into clicking on a link or opening an attachment.

Another flaw would let the hacker remotely crash the device. The crash would be so severe that a reset wouldn't get it working again. Instead, the user would need to reboot into recovery mode and then restore the device, losing all data stored on it. (Source: sky.com)

One Bug Still Unpatched

Five of the bugs are fixed in iOS 12.4, released last week. Any iPhone or iPad users who haven't installed that update need to do so immediately. While Google hasn't gone into full technical detail, it's given enough information to attract the attention of hackers who will be targeting unpatched devices. (Source: bbc.co.uk)

A sixth bug was reported to Apple as well. Google says Apple included a patch for this bug in the update but it hasn't worked. Because of this, Google plans to keep all information about this bug secret until Apple fixes it successfully, or until 90 days after it originally told Apple about the problem, whichever comes first.

What's Your Opinion?

If you use Apple devices, do you keep them up to date at all times? How can security experts balance making people aware of the need to apply patches and tipping off potential hackers about bugs? Should tech firms co-operate more on security?


Comments

Rusty

I’m certainly no expert, but it sure seems like these types of efforts from Google would cause as many problems as they solve. We know that none of the corporate tech giants are loyal allies of the consumer. I tend to look at all of them with a wary eye. That said, I like to make sure my iOS (and other) updates are done right away. There may be some justification for waiting until they are tested by others, but I would guess the risks are outweighed by the security benefits of prompt updating.