The iPhone is actually considered very secure. However, a hacker has now discovered six bugs that allow the device to be taken over remotely. One of the gaps has still not been closed. It is a real selling point for many: While users of Android devices have to deal with malware and antivirus programs, the iPhone is considered a very secure and carefree alternative. But now six serious bugs have been discovered in iOS – and one is still not fixed.
The gaps were found by a Google employee of all people. However, 4besnews there is no nasty competition from the company behind Android. Security expert Natalie Silvanovich works for Project Zero, which was commissioned by Google to find security holes in all kinds of devices and systems to make the network more secure. Silvanovich will present the vulnerabilities in detail at the Black Hat hacker conference next week.
The details that have already become known are scary: According to Silvanovich, all six gaps should allow remote access to the data on the device. And this without requiring any user interaction. In four of the cases, Apple’s SMS replacement iMessage is used for this purpose. Due to a flaw, it is sufficient to receive and open a manipulated SMS to give the attacker remote control over the device. F9news the two remaining flaws are also – unlike many popular attack methods such as Trojans – not dependent on user error.
They exploit a gap in the iPhone’s memory management to make the device’s data remotely readable. As befits a well-meaning hacker, Silvanovich has long since reported the errors to Apple. And the company has reacted: With the release of iOS 12.4 last week, Apple has fixed five of the bugs. So if you haven’t done so yet, you should definitely update your system to the latest version.
And as soon as possible: With the update, the hacker had also revealed the exact functionality of the plugged gaps and even explained in detail how to reproduce the error. So it’s probably only a matter of time before hackers actively attack the gap. However, one of the gaps is still open, Silvanovich explained to “ZDNet”. Unlike the bugs that have already been fixed, Silvanovich has not yet revealed any details about the gap. Nevertheless Apple should hurry with the repair: Errors like the ones just discovered are sometimes traded on the black market at prices over a million dollars, according to ZDNet. Users cannot understand whether they are affected by the hack.
The good news: The hack did not survive a restart – so the affected iPhones are not permanently in the hands of the hackers. And: With the update to iOS 12.1.4 the gap was already closed in February. This means that anyone who keeps their iPhone and iPad up-to-date is safe from the known methods of attack long before they are used. For Apple, the news is still a problem. For years, the iPhone was considered virtually unbreakable compared to Android devices.
The fact that not one, but five methods of taking full control are now becoming known, is likely to have a major impact on this image. Apple itself has not yet commented on this, press inquiries were rejected. But at least the reaction to the revelation gives hope: Not even a week passed from Google’s first report of the problem to the closing of the gap.