
Google researchers find six security bugs worth $5 million in iOS

Two members of Project Zero, Google’s bug-hunting team, have found six bugs in iOS that could have led cyber attackers to compromise devices like iPhones and iPads. The duo published the details and demo proof-of-concept code for five of the six “interactionless” security bugs that made the OS vulnerable to hackers who could have exploited it via the iMessage client. If sold in the exploit market, these six bugs would have reportedly fetched over $5 million.

The bugs were discovered by Google Project Zero security researchers Natalie Silvanovich and Samuel Groß. ZDNet reports that all six security flaws were patched on July 22, when Apple rolled out the iOS 12.4 update. According to Silvanovich, details about one of the "interactionless" vulnerabilities are being kept private because the latest iOS update did not completely patch the bug. Silvanovich will be holding a presentation about these vulnerabilities at the Black Hat security conference in Las Vegas next week.

How the bugs could have compromised iOS security

The researcher said that out of the six vulnerabilities, four could have led to the execution of malicious code on a remote iOS device, with no user interaction needed. To compromise the device, an attacker could have sent a malicious message to the victim's phone. In such cases, the code is executed once the user opens and views the received message. The fifth and sixth bugs could have allowed an attacker to extract data from the compromised device's memory and read files off the device remotely, again with no user interaction.

According to a price chart published by US-based information security company Zerodium, these bugs could have brought over $1 million each if sold on the exploit market. That means the bugs the researchers published are valued between $5 million and $10 million. Vulnerability research hub Crowdfense told ZDNet that since the exploits were “interactionless” and the vulnerabilities worked on recent versions of iOS, they could have been valued between $2 million and $4 million each, that is, the total value of the bugs is between $20 million and $24 million.



from Latest Technology News https://ift.tt/2YuHiXD
