Google discovers six major security flaws in Apple’s iOS 12

Vulnerabilities in iMessage software can be exploited without any interaction from user

Google logo on iPhone
(Image credit: Credit: Getty photos)

Security researchers at Google have uncovered six fundamental flaws in Apple’s iOS software that could expose iPhone users to cyberattacks.

Natalie Silvanovich and Samuel Gros, from the search giant’s Project Zero software “bug-hunting” team, have published the “details and demo exploit code” for five of six security flaws that can be exploited through iMessage in iOS 12, ZDNet reports.

The final security flaw has not been outlined publicly as Apple is still in the process of resolving the bug, the tech news site says.

Subscribe to The Week

Escape your echo chamber. Get the facts behind the news, plus analysis from multiple perspectives.


Sign up for The Week's Free Newsletters

From our morning news briefing to a weekly Good News Newsletter, get the best of The Week delivered directly to your inbox.

From our morning news briefing to a weekly Good News Newsletter, get the best of The Week delivered directly to your inbox.

Sign up

All six of the faults highlighted by the researchers are “interactionless”, which means they require no interaction from the user to run, according to The Verge.

Four of the vulnerabilities, including the one that has yet to be fixed, are triggered when an attacker sends “a message containing malicious code”, the site says. The glitch occurs as soon as the user opens the message.

The other two exploits can be used to “leak data from a device’s memory” and view files from an external device, adds ZDNet.

Whenever a software fault is discovered by Project Zero researchers, the manufacturer of the device is informed and given 90 days to come up with a fix, says Forbes. Information about the flaw is then publicly disclosed.

Are iPhone users in danger of a cyberattack?

Probably not in this instance. Apple fixed five of the six vulnerabilities last week and it shouldn’t be too long before the company addresses the final fault.

Although the California-based tech giant has not revealed how it tackled the security flaws, it has advised users that “keeping your software up to date is one of the most important things you can do to maintain your Apple product’s security”, the BBC reports.

To download the latest software for iPhones, currently listed as iOS 12.4, users simply need to go to their smartphone’s Settings app and then select the General tab before pressing Software Update.

Once in the update menu, the phone will inform the user whether a new version of iOS is available to download. If the device is running older software, the user will be given the option to download and install the most recent version, providing their phone isn’t too old to run the update.

Continue reading for free

We hope you're enjoying The Week's refreshingly open-minded journalism.

Subscribed to The Week? Register your account with the same email as your subscription.