
Google researchers find six security bugs worth $5 million in iOS

Two members of Project Zero, Google’s bug-hunting team, have found six bugs in iOS that could have let cyber attackers compromise devices like iPhones and iPads. The duo published the details and demo proof-of-concept code for five of the six “interactionless” security bugs, which could have been exploited via the iMessage client. If sold on the exploit market, these six bugs would reportedly have fetched over $5 million.

The bugs were discovered by Google Project Zero security researchers Natalie Silvanovich and Samuel Groß. ZDNet reports that all six security flaws were patched on July 22, when Apple rolled out the iOS 12.4 update. According to Silvanovich, details about one of the "interactionless" vulnerabilities are being kept private because the latest iOS update did not completely patch the bug. Silvanovich will be holding a presentation about these vulnerabilities at the Black Hat security conference in Las Vegas next week.

How the bugs could have compromised iOS security

The researcher said that out of the six vulnerabilities, four could have led to the execution of malicious code on a remote iOS device, with no user interaction needed. To compromise the device, an attacker could have sent a malicious message to the victim's phone. In such cases, the code is executed once the user opens and views the received message. The fifth and sixth bugs could have allowed an attacker to extract data from the compromised device's memory and read files off the device remotely, again with no user interaction.

According to a price chart published by US-based information security company Zerodium, each of these vulnerabilities could have brought over $1 million if sold on the exploit market. That means the bugs the researchers published are valued between $5 million and $10 million. Vulnerability research hub Crowdfense told ZDNet that since the exploits were “interactionless” and worked on recent versions of iOS, they could have been valued between $2 million and $4 million each; that is, the total value of the bugs is between $20 million and $24 million.


