Google Project Zero Researchers Disclose 5 ‘Zero Interaction’ iMessage Flaws, 4 Fixed in iOS 12.4

One of the flaws can allow an attacker to read contents of files on iPhone.

Highlights
  • CVE-2019-8660 is a memory corruption flaw
  • Two of the disclosed flaws can lead to the crash of iPhone GUI
  • One of the researchers will detail the flaws at Black Hat USA 2019
CVE-2019-8641 vulnerability remains unpatched for now

The Google Project Zero team has yet again found a number of security vulnerabilities in Apple's iOS operating system. Two members of the Project Zero team discovered five new “zero interaction” flaws in iMessage that could allow an attacker to do all sorts of malicious things on an iPhone, ranging from crashing an app to reading the contents of a file. Apple has fixed four of the disclosed vulnerabilities, but one flaw remains unpatched right now.

According to a series of tweets published by Google Project Zero's Natalie Silvanovich, the researcher, together with Samuel Groß, found five vulnerabilities in Apple's iMessage. These vulnerabilities are being called zero interaction as they don't require the user to do anything apart from opening a malicious iMessage. As Apple has already fixed four of these vulnerabilities (CVE-2019-8647, CVE-2019-8624, CVE-2019-8646, and CVE-2019-8660) in the recently released iOS 12.4, their details are now public. However, CVE-2019-8641 is still unpatched, so the researchers are keeping its details secret until the 90-day disclosure deadline.

The biggest of the newly disclosed flaws is CVE-2019-8646, and it impacts devices running iOS 12 and above. The flaw allows potential attackers to read the contents of files stored on an iOS device without any user interaction.

Among the other iMessage flaws, CVE-2019-8660 is a memory corruption flaw, and CVE-2019-8624 as well as CVE-2019-8647 can cause a crash of iOS SpringBoard, which manages the iOS graphical user interface (GUI).

In addition to these flaws, Natalie Silvanovich was also responsible for finding CVE-2019-8662, which, although not directly related to iMessage, can be triggered through the messaging app.

Natalie Silvanovich will be talking more about the bugs at the upcoming Black Hat USA 2019 conference.

To recall, Apple had released iOS 12.4 for the iPhone, iPad, and iPod Touch users. In addition to a number of bug fixes, the update included a new feature to transfer data wirelessly between two iPhone models and enhancements for Apple News+.
