Majority of iPhone users open to iMessage spy attack

In News

Cybersecurity researchers have said that over 90 percent of Apple iPhone users — consumer and enterprise — still remain vulnerable to bugs in iOS that can be remotely exploited without any user interaction via the iMessage client. These could reveal pictures, videos, notes, PDFs and so on stored on the phone.

Though Apple has fully patched five of six critical flaws revealed earlier this week by Google’s Project Zero with the 12.4 iOS update, as of August 1 only 9.6 percent of enterprise devices have been updated, according to a senior official at Wandera.

“The exploit initiates a dump of the victim’s iMessage database and compromises the iOS sandbox, putting files on the device at risk,” he said. “This vulnerability calls into question the integrity of iOS sandboxing, which is one of the most significant fundamentals of the entire iOS security model. This iMessage exploit has similar implications to a jailbreak in that the weakness in iMessage exposes the file space on the device.”

The code to exploit these vulnerabilities is publicly available, he added, so anyone with a MacOS device and the phone number or iMessage account details of a victim could attack and spy on a target: “[This] is very easy for any bad actors to execute. Unlike the recent WhatsApp vulnerability, anyone with intermediate to advanced computing skills can use this code to hack any iPhone which hasn’t been updated.”

The patch for iOS was released on July 22, but user notifications haven’t rolled out; iPhone owners need to manually visit the “software update” section in the settings area and initiate the download.

Comments

You may also read!

Help AG and SentinelOne to arm enterprises against endpoint attacks

Help AG has partnered with SentinelOne to thwart the efforts of cybercriminals that have shifted their focus towards targeting

Read More...

ESET’s Endpoint Security picks up Top Player position

ESET, a global leader in cybersecurity has been recognized as a ‘Top Player’ for the second consecutive year in

Read More...

SophosLabs 2020 Threat Report released

Sophos, today launched its 2020 Threat Report providing insights into the rapidly evolving cyberthreat landscape. The report, produced by SophosLabs researchers,

Read More...

Join Our Newsletter!

Love SecurityMEA? We love to tell you about our new stuff. Subscribe to newsletter!

Mobile Sliding Menu