Details of five security bugs fixed by last-week’s iOS 12.4 update have been published. This means hackers now have what they need to use them on any device that hasn’t been updated.
Now would be a good time for anyone who’d been procrastinating to install this update on their iPhone or iPad.
These bugs allow a hacker to run malicious code on an iPhone via an iMessage exploit. All that the recipient has to do is read the message for the code to launch.
iOS 12.4 brings enhancements to Apple News+, and makes moving to a new iPhone better. But because that’s really all that changed, it’s understandable if many people didn’t rush to install it. Well, here’s a good reason.
Google Project Zero to the rescue
The security flaws weren’t discovered by Apple but by Google’s Project Zero team. Which explains why the details are being made public.
The bugs in question are CVE-2019-8647, CVE-2019-8660, CVE-2019-8662, CVE-2019-8624 and CVE-2019-8646. Included with descriptions of the bugs is sample code showing hackers how to make use of them.
The Project Zero team is still keeping quiet about a sixth iMessage bug they discovered — CVE-2019-8641 — because iOS 12.4 didn’t completely fix it.