Alphabet researchers have discovered seven serious security breaches on the iPhone
The company's Zero team discovered software deficiencies that allowed the cellular code to run maliciously without the user having to click on a link or take any special action. Cyber experts have estimated the value of these black market loopholes for tens of millions of dollars.
Project members Zero, Alphabet's information security venture, discovered seven serious security breaches on the iPhone that allowed device penetration and information theft through Apple's iMessage app. Of those, six have already been fixed in iOS 12.4 update released last week. The seventh has not yet been fixed, and therefore the researchers refrain from presenting its details.
According to the researchers who found the deficiencies, four of the breaches were extremely severe and allowed the execution of malicious code on the iPhone without the user being required to take action like clicking on an infected link, for example. This is the worst kind of loopholes, because there is really no way of defending them. All it takes from a hacker is to send an engineered message and as soon as the user opens it in the app - the damage is activated.
The two additional loopholes are also dangerous and allow you to scan the device memory and read files, even from a remote device. The availability of the feasibility proofs of the six loopholes released by Zero is another important reminder to those who have not yet updated their device, and it would be better for Almond to do so.
The breach package was estimated to be about $ 5 million to $ 10 million, according to a price list published by Zerodium, the hacker's hacking dealership in French Carrer. Another company, Crowdfense, estimated the breaches at an even higher price of between $ 20 and $ 24 million. These are loopholes that many would love to put their hands on. Using them allows access to new iPhones even in the latest versions of Apple's operating system.
source: https://www.calcalist.co.il/internet/articles/0,7340,L-3767458,00.html
No comments:
Post a Comment