Google security researchers team have found six critical flaws in Apple iMessage that can compromise the user’s phone without even interacting with them. These security vulnerabilities fall into the ‘interactionless’ category.
Two members of ‘Project Zero’, Google’s elite bug-hunting team, have published details and demo proof-of-concept code for five of six ‘interactionless’ security bugs that impact the iOS operating system and can be exploited via the iMessage client, the ZDNet reported on Tuesday.
Details about one of the ‘interactionless’ vulnerabilities have been kept private because Apple’s iOS 12.4 patch did not completely resolve the bug, according to Natalie Silvanovich, one of the two Google Project Zero researchers who found and reported the loophole.
The four security flaws are CVE-2019-8641 (details kept private), CVE-2019-8647, CVE-2019-8660 and CVE-2019-8662.
The fifth and sixth bugs CVE-2019-8624 and CVE-2019-8646 can allow an attacker to leak data from a device’s memory and read files off a remote device, also with no user interaction, the report added.
All the six security bugs were patched last week in July with the iPhone maker’s iOS 12.4 release.