Google found a way to remotely attack Apple iOS devices by sending a boobytrapped iMessage

Google found a way to remotely attack Apple iOS devices by sending a boobytrapped iMessage

I do hope that owners of iPhones and iPads updated their devices to iOS 12.4 when it was released last week.

Details weren’t shared at the time, but we now know that the iOS security update addressed critical vulnerabilities discovered by Google security researchers Samuel Groß and Natalie Silvanovich that could allow a remote attacker to attack an iPhone just by sending a maliciously-crafted iMessage.

Thankfully the vulnerabilities, which could most likely have been sold to an intelligence agency for millions of dollars, were responsibly disclosed to Apple in May so that they could be addressed and fixed within the 90-day disclosure deadline imposed by Google.

Sign up to our free newsletter.
Security news, advice, and tips.

Ios bug tweet

The vulnerabilities are said to allow a remote attacker to run malicious code on an iOS device without requiring any action by the targeted user, opening up opportunities for iPhones and iPads to be spied upon without the knowledge of their owners and without the snooper requiring any physical access to the device.

Google security engineer Natalie Silvanovich is scheduled to give a talk at Black Hat in Las Vegas next week, entitled “Look, No Hands! – The Remote, Interaction-less Attack Surface of the iPhone”

iPhone and iPad users often have their devices configured to automatically install updates like iOS 12.4, but – if you want to make sure that you are protected – follow these instructions:

Click on Settings > General > Software Update, and choose Download and Install.

To hear further discussion about this issue, be sure to listen to this episode of the “Smashing Security” podcast:

Smashing Security #139: 'Capital One hacked, iMessage flaws, and anonymity my ass!'

Listen on Apple Podcasts | Spotify | Pocket Casts | Other... | RSS
More episodes...


Graham Cluley is an award-winning keynote speaker who has given presentations around the world about cybersecurity, hackers, and online privacy. A veteran of the computer security industry since the early 1990s, he wrote the first ever version of Dr Solomon's Anti-Virus Toolkit for Windows, makes regular media appearances, and is the co-host of the popular "Smashing Security" podcast. Follow him on Twitter, Mastodon, Threads, Bluesky, or drop him an email.

What do you think? Leave a comment

Your email address will not be published. Required fields are marked *

This site uses Akismet to reduce spam. Learn how your comment data is processed.