Home » News » Mobile Phones » Google researchers find six iOS security bugs worth $5 million

Google researchers find six iOS security bugs worth $5 million

By Digit NewsDesk | Updated on 31-Jul-2019
Google researchers find six iOS security bugs worth $5 million
Digit NewsDesk Digit NewsDesk
31 Jul 2019 12:14
HIGHLIGHTS

​Google researchers find six security bugs in iOS.

These ‘interactionless’ bugs could cost well over $5 million.

5 of the 6 bugs discovered have been completely patched

Two members of Project Zero, Google’s bug-hunting team, have found six bugs in iOS that could have led cyber attackers to compromise devices like iPhones and iPads. The duo published the details and demo proof-of-concept code for five of the six “interactionless” security bugs that made the OS vulnerable to hackers who could have exploited it via the iMessage client. If sold in the exploit market, these six bugs would have reportedly fetched over $5 million.

The bugs were discovered by Google Project Zero security researchers Natalie Silvanovich and Samuel Groß. ZDNet reports that all the six security flaws were patched on July 22 when Apple rolled out the iOS 12.4 update. As per Silvanovich, details about one of the "interactionless" vulnerabilities are kept private because the latest iOS update did not completely patch the bug. Silvanovich will be holding a presentation about these vulnerabilities at the Black Hat security conference in Las Vegas next week.

How the bugs could have compromised iOS security

The researcher said that out of the six vulnerabilities, four could have lead to the execution of malicious code on a remote iOS device, with no user interaction needed. To compromise the device, an attacker could have sent a malicious message to the victim's phone. In such cases, the code is executed once the user opens and views the received message. The fifth and sixth bugs could have allowed an attacker to extract data from the compromised device's memory and read files off the device remotely, this too, with no user interaction.

According to a price chart published by US-based information security company Zerodium, if these bugs were sold on the exploit market, they could have brought over $1 million each for every vulnerability. It means that the bugs which the researchers published are valued between $5 million and $10 million. Vulnerability research hub Crowdfense told ZDNet that since the exploits were “interactionless,” and the vulnerabilities worked on recent versions of iOS exploits, these could have been valued between $2 million and $4 million each, that is, the total value of the bugs is between $20 million and $24 million.

Digit NewsDesk

Digit NewsDesk

Digit News Desk writes news stories across a range of topics. Getting you news updates on the latest in the world of tech. View Full Profile

New Mobiles
Apple IPhone 15Redmi 12 5GRealme 11 Pro+ 5GApple IPhone 15 PlusNothing Phone 2
Top-10s
Best Mobile Phones under 15,000Best Mobile Phones under 20,000Best Mobile Phones Under 10,000Best Mobile PhonesBest 5G Mobile Phones
Terms of Use Privacy Policy About Us Advertise with us Contact Us SiteMap Current / Past Issue Magazine Subscription
9.9 Group

Digit.in is one of the most trusted and popular technology media portals in India. At Digit it is our goal to help Indian technology users decide what tech products they should buy. We do this by testing thousands of products in our two test labs in Noida and Mumbai, to arrive at indepth and unbiased buying advice for millions of Indians.

We are about leadership – the 9.9 kind Building a leading media company out of India. And, grooming new leaders for this promising industry.

logo logo logo logo logo logo
Copyright © 2007-24 9.9 Group Pvt.Ltd.All Rights Reserved.
Digit.in
Logo
Digit.in
Logo