Majority of iPhone users open to iMessage spy attack

In News

Cybersecurity researchers have said that over 90 percent of Apple iPhone users — consumer and enterprise — still remain vulnerable to bugs in iOS that can be remotely exploited without any user interaction via the iMessage client. These could reveal pictures, videos, notes, PDFs and so on stored on the phone.

Though Apple has fully patched five of six critical flaws revealed earlier this week by Google’s Project Zero with the 12.4 iOS update, as of August 1 only 9.6 percent of enterprise devices have been updated, according to a senior official at Wandera.

“The exploit initiates a dump of the victim’s iMessage database and compromises the iOS sandbox, putting files on the device at risk,” he said. “This vulnerability calls into question the integrity of iOS sandboxing, which is one of the most significant fundamentals of the entire iOS security model. This iMessage exploit has similar implications to a jailbreak in that the weakness in iMessage exposes the file space on the device.”

The code to exploit these vulnerabilities is publicly available, he added, so anyone with a MacOS device and the phone number or iMessage account details of a victim could attack and spy on a target: “[This] is very easy for any bad actors to execute. Unlike the recent WhatsApp vulnerability, anyone with intermediate to advanced computing skills can use this code to hack any iPhone which hasn’t been updated.”

The patch for iOS was released on July 22, but user notifications haven’t rolled out; iPhone owners need to manually visit the “software update” section in the settings area and initiate the download.

Comments

You may also read!

Data Protection Day 2020: De-Risking in the Era of Transparency

Daniel Fried, General Manager (GM) and Senior Vice President (SVP), EMEA and Worldwide Channels, Veeam explains the relevance of

Read More...

Allegion showcases its latest security solutions at Intersec 2020

Allegion exhibited its latest security solutions at Intersec 2020. With a strong focus on security around the door and

Read More...

Infoblox announces 5-city cybersecurity tour throughout MEA

Infoblox announced that it is hosting a 5-city cybersecurity tour throughout Middle East & Africa (MEA) under the theme

Read More...

Join Our Newsletter!

Love SecurityMEA? We love to tell you about our new stuff. Subscribe to newsletter!

Mobile Sliding Menu