The security vulnerabilities, discovered by Google Project Zero researchers Natalie Silvanovich and Samuel Groß, are described as being “interactionless”. Meaning that they are able to execute themselves without any user interaction. Further, the researchers found out that the vulnerabilities could be exploited via the on-board iMessage client. Of the six, four of them are reported to rely on the attacker sending malicious code via a message to an unpatched iPhone and it would run once the recipient opens the message. The remaining two vulnerabilities are based on a memory exploit.
These bugs are apparently worth millions of dollars, according to several bug bounty programs out there. The good news so far is that Apple has already patched five of the six bugs with the iOS 12.4 update that was released on 22 July. ZDNet says that Apple still hasn’t resolved the sixth bug, and the fruit company is still keeping mum about any details surrounding it. On that note, we do recommend all iPhone users to update their devices to the latest iOS update in order to avoid becoming a victim of these vulnerabilities. (Source: The Verge, ZDNet)
