Google’s (NASDAQ:GOOGL) Project Zero research team has found six flaws in Apple Inc.’s (NASDAQ:AAPL) iOS software that the company has failed to successfully fix. According to ZDNET reports out of the six bugs discovered five were fixed in last week’s iOS 12.4 update that had a number of security fixes.
iOS found with security flaws
The vulnerabilities are some of the harmful tools exploited by hackers and they are hidden by intelligence agencies as well as criminals for offensive purposes. The flaws discovered are “interactionless” which means that they are able to run without user interaction and they take advantage of a flaw in the iMessage client.
Four of the flaws including the one that is yet to be fixed depend on the attacker sending a message with a malicious code to the phone and it executes immediately the user opens the message. The other two vulnerabilities depend on a memory exploit where the attacker accesses the device remotely and copies files from it without the user responding to a prompt. One of the vulnerabilities had devastating effect impacting on iPhones and Macs and some phones would even crash and remain unusable even after they have been reset.
One of the Project Zero researchers Natalie Silvanovich stated that the only way users could fix the phone is through rebooting it into recovery mode and then performing a restore. However this means that all the data in the device will be lost.
Details of sixth flaw remain confidential
The company has since made public the details of the five bugs that were fixed but the sixth will still be confidential until it has been fixed. Apple has indicated that for purposes of security and protection of its customers it doesn’t disclose or confirm security issues before investigations are complete and issue fixed.
For users who have not updated their devices to iOS 12.4 it is time they did so. The good thing is that the security flaws were found by security researchers who didn’t have malicious intentions of exploiting them for their benefits.