A vulnerability in the iOS iMessage service has been discovered that could leak parts of your private messages to attackers.
Security researcher Natalie Silvanovich has released details of a security vulnerability affecting all Apple devices running iOS 12 or later and that could lead to data on your device such as iMessage messages being read by an attacker. The flaw is reportedly present in Siri and Core Data iOS components and affects any iPhone 5s or later model, iPad Air, and 6th generation or later iPod Touch devices.
The vulnerability is similar to a previously discovered flaw that allowed an attacker to send a malformed iMessage to users that would cause their phones to become unusable. This new vulnerability sends a message that causes some bytes of iMessage's memory space to be leaked to the attacker, which could potentially include private message data that is supposed to be secure.
This flaw was first recorded on May 17th by Natalie Silvanovich from Google's Project Zero team, a group tasked with finding undiscovered vulnerabilities before criminals and hackers get their hands on them. All exploits discovered are passed on to the companies involved and are then subject to a 90 day disclosure delay before being revealed to the public.
The 90 day disclosure delay is designed to give companies adequate time to address the problem, while the eventual public disclosure of vulnerabilities ensures companies can't simply ignore the reported bugs. Project Zero found five other vulnerabilities in iMessage that were then fixed in the iOS 12.4 update, but this latest exploit has yet to be resolved.
Source: Forbes, Bleeping Computer, Gizmodo
