Google researchers find six iOS security bugs worth $5 million

By Digit NewsDesk | Published on Jul 31 2019

HIGHLIGHTS

Google researchers find six security bugs in iOS.

These ‘interactionless’ bugs could cost well over $5 million.

5 of the 6 bugs discovered have been completely patched.

Two members of Project Zero, Google’s bug-hunting team, have found six bugs in iOS that could have allowed attackers to compromise devices like iPhones and iPads. The duo published the details and demo proof-of-concept code for five of the six “interactionless” security bugs, which could have been exploited via the iMessage client. If sold in the exploit market, these six bugs would have reportedly fetched over $5 million.

The bugs were discovered by Google Project Zero security researchers Natalie Silvanovich and Samuel Groß. ZDNet reports that all six security flaws were patched on July 22 when Apple rolled out the iOS 12.4 update. According to Silvanovich, details about one of the "interactionless" vulnerabilities are being kept private because the latest iOS update did not completely patch the bug. Silvanovich will be holding a presentation about these vulnerabilities at the Black Hat security conference in Las Vegas next week.

How the bugs could have compromised iOS security

The researcher said that out of the six vulnerabilities, four could have led to the execution of malicious code on a remote iOS device, with no user interaction needed. To compromise the device, an attacker could have sent a malicious message to the victim's phone. In such cases, the code is executed once the user opens and views the received message. The fifth and sixth bugs could have allowed an attacker to extract data from the compromised device's memory and read files off the device remotely, again with no user interaction.

According to a price chart published by US-based information security company Zerodium, each of these vulnerabilities could have fetched over $1 million if sold on the exploit market. It means that the bugs which the researchers published are valued between $5 million and $10 million. Vulnerability research hub Crowdfense told ZDNet that since the exploits were “interactionless” and the vulnerabilities worked on recent versions of iOS, these could have been valued between $2 million and $4 million each, that is, the total value of the bugs is between $20 million and $24 million.
