“Look, No Hands!” – Google Researchers Disclose Zero Interaction Vulnerabilities in iOS 

Rafia Shaikh

Security researchers at Google's Project Zero have discovered six bugs in iOS that can enable attackers to execute code remotely on an iPhone without any user interaction. Apple addressed five of these vulnerabilities with iOS 12.4; one still remains to be fixed.

These "interactionless" or "zero interaction" bugs resulted in the remote execution of malicious code on an iOS device. Since no user interaction was required, an attacker just needed to send a specially crafted message to the target's phone to execute code remotely once the user opens the received message.

These latest bug discoveries are critical since there isn't enough information about the interactionless iOS attack surface. The vulnerabilities are tracked under CVE-2019-8641, CVE-2019-8647, CVE-2019-8660, CVE-2019-8662, CVE-2019-8624, and CVE-2019-8646.

Google researcher to present "Look, No Hands! The Remote, Interaction-less Attack Surface of the iPhone [iOS]" at Black Hat

On August 7, Google Project Zero security researcher Natalie Silvanovich (who discovered these bugs along with fellow researcher Samuel Groß) will present a talk on these no-interaction remote vulnerabilities at next week's Black Hat USA 2019 conference. An abstract of the talk reads:

There have been rumors of remote vulnerabilities requiring no user interaction being used to attack the iPhone, but limited information is available about the technical aspects of these attacks on modern devices. This presentation explores the remote, interaction-less attack surface of iOS. It discusses the potential for vulnerabilities in SMS, MMS, Visual Voicemail, iMessage and Mail, and explains how to set up tooling to test these components. It also includes two examples of vulnerabilities discovered using these methods.

We always recommend that users install security updates as soon as they are released; however, it is critically important to do so when the proof of concept has been released to the public.

Note: no details have been shared about the sixth bug since Apple is yet to issue a fix for it.

News Source: ZDNet
