iPhone has a serious bug that could be used without users knowledge, Google security researchers warn

Flaws could be used to break devices or access files

Andrew Griffin
Tuesday 30 July 2019 12:27 EDT
Comments
The iPhone XS Max and the iPhone XS on display at the Apple Regent Street store during their launch on September 21, 2018 in London, England
The iPhone XS Max and the iPhone XS on display at the Apple Regent Street store during their launch on September 21, 2018 in London, England (Jack Taylor/Getty)

Your support helps us to tell the story

From reproductive rights to climate change to Big Tech, The Independent is on the ground when the story is developing. Whether it's investigating the financials of Elon Musk's pro-Trump PAC or producing our latest documentary, 'The A Word', which shines a light on the American women fighting for reproductive rights, we know how important it is to parse out the facts from the messaging.

At such a critical moment in US history, we need reporters on the ground. Your donation allows us to keep sending journalists to speak to both sides of the story.

The Independent is trusted by Americans across the entire political spectrum. And unlike many other quality news outlets, we choose not to lock Americans out of our reporting and analysis with paywalls. We believe quality journalism should be available to everyone, paid for by those who can afford it.

Your support makes all the difference.

A serious flaw is present in the iPhone that could be used without its owner's knowledge, security researchers have warned.

Google staff who were looking for bugs said they found six flaws in Apple's iMessage text app. And one of them is still yet to be fixed, the researchers warned.

What's more, the problem is "interactionless", which means that the user of the iPhone does not need to do anything to allow the exploit to be used.

The bugs could allow attackers to view files or crash devices, the researchers warned.

The bugs were found by Google's Project Zero programme. That is made up of security analysts who hunt for serious vulnerabilities in various software before hackers find them, providing manufacturers with a 90-day deadline before they make the issue public.

The issues could have been exploited in a number of ways, such as remotely accessing files or crashing devices.

Five of the flaws were patched in the iOS 12.4 update rolled out last week, but the sixth alleged bug remains open, which Google is not disclosing until the deadline is reached.

Natalie Silvanovich, one of the researchers who uncovered the flaws, described them as "interactionless", meaning they can run without the user having to do anything.

The only way one issue could be fixed on an iPhone was by carrying out a complete reboot and recovery leading to data loss, Ms Silvanovich said in her original report in April.

"For the protection of our customers, Apple doesn't disclose, discuss, or confirm security issues until an investigation has occurred and patches or releases are generally available," an Apple spokesman said.

"Keeping your software up to date is one of the most important things you can do to maintain your Apple product's security."

Project Zero was formed in 2014 with the aim of reducing the number of people harmed by targeted attacks.

It has previously notified the likes of Microsoft and Facebook about vulnerabilities on their services and platforms.

Additional reporting by Press Association

Join our commenting forum

Join thought-provoking conversations, follow other Independent readers and see their replies

Comments

Thank you for registering

Please refresh the page or navigate to another page on the site to be automatically logged inPlease refresh your browser to be logged in