A team of bug-hunters at Google have shared details of five flaws in Apple's iMessage software that could make its devices vulnerable to attack.
In one case, the researchers said the vulnerability was so severe that the only way to rescue a targeted iPhone would be to delete all the data off it.
Another example, they said, could be used to copy files off a device without requiring the owner to do anything to aid the hack.
Apple released fixes last week.
But the researchers said they had also flagged a sixth problem to Apple, which had not been rectified in the update to its mobile operating system.
"That's quite unusual," commented Prof Alan Woodward, a cyber-security expert at the University of Surrey.
"The reputation of the Google Zero team is such that it is worth taking notice of."
The Project Zero team was established in July 2014 to uncover previously undocumented cyber-vulnerabilities. It has previously alerted Microsoft, Facebook and Samsung, among others, to problems with their code.
Urgent update
Apple's own notes about iOS 12.4 indicate that the unfixed flaw could give hackers a means to crash an app or execute commands of their own on recent iPhones, iPads and iPod Touches if they were able to discover it. Apple has not commented on this specific issue, but has urged users to install the new version of iOS, which addresses Google's other discoveries as well as a further range of glitches and threats. "Keeping your software up to date is one of the most important things you can do to maintain your Apple product's security," it said in a statement. News site ZDnet - which was first to report the matter - noted that the level of detail shared by Google about the other bugs could be enough to let bad actors craft exploits to take advantage of them. Users should download iOS 12.4 "with no further delay," it added. One of the two Google researchers involved - Natalie Silvanovich - intends to share more details of her findings at a presentation at the Black Hat conference in Las Vegas next month. The synopsis of her talk also promises it will cover potential vulnerabilities in Apple's Visual Voicemail service - which allows users to select specific recordings - and its Mail app. One of Apple's own security chiefs will also be attending the conference to give a separate presentation, which promises to go "behind the scenes of iOS and Mac security".DISCLAIMER: The Views, Comments, Opinions, Contributions and Statements made by Readers and Contributors on this platform do not necessarily represent the views or policy of Multimedia Group Limited.
Latest Stories
-
Bawumia joins thousands in Kumasi for burial prayers for Ashanti Regional Imam
2 hours -
Blue Gold Bogoso Prestea Limited challenges government actions in court
3 hours -
Verdicts due for 51 men in Pelicot mass rape trial that shook France
3 hours -
Syria not a threat to world, rebel leader Ahmed al-Sharaa tells BBC
3 hours -
Patrick Atangana Fouda: ‘A hero of the fight against HIV leaves us’
4 hours -
Trinity Oil MD Gabriel Kumi elected Board Chairman of Chamber of Oil Marketing Companies
4 hours -
ORAL campaign key to NDC’s election victory – North America Dema Naa
4 hours -
US Supreme Court to hear TikTok challenge to potential ban
5 hours -
Amazon faces US strike threat ahead of Christmas
5 hours -
Jaguar Land Rover electric car whistleblower sacked
5 hours -
US makes third interest rate cut despite inflation risk
5 hours -
Fish processors call for intervention against illegal trawling activities
6 hours -
Ghana will take time to recover – Akorfa Edjeani
6 hours -
Boakye Agyarko urges reforms to revitalise NPP after election defeat
6 hours -
Finance Minister skips mini-budget presentation for third time
6 hours