Google claims that the vulnerability found in iOS 12.4 could allow attackers to remotely penetrate the iPhone without any interaction with the user. The Google Project Zero team explained that the security flaw in iOS 12.4.1 was fixed in mid-2019. It can essentially allow an attacker to gain access to almost anything on the iPhone without any permission.
The only thing a hacker needs is the user's Apple ID to launch the attack, which only takes a few minutes. Thereafter, attackers can access files, passwords, two-factor authentication codes, text messages, emails, and app data.
To make matters worse, hackers can control the microphone and camera to monitor iPhone users. CVE-2019-8641 documents an exploit for the attack that allows hackers to bypass ASLR and then initiate remote code execution outside the sandbox without requiring the user to take any action.
In a technical vulnerability analysis, Google researchers explained that, although it has been addressed, further mitigation measures are needed to prevent similar security issues.
Fortunately, only devices running iOS 12.4 are affected, so if you have iOS 13 installed, you should be in a safe state. In fact, this is the only recommendation to stay safe and avoid the threat of potential attacks from this or similar vulnerabilities: update to the latest iOS version as soon as possible, since the new version includes the latest security patches.
Image Via MacTrast
إرسال تعليق