21:52 GMT +3, 21 October 2019

    Apple Released iOS Update Months After Security Flaws Found, Failed to Fix All – Report


    The Cupertino tech giant claimed it had tackled the issue, but Google’s bug-hunting team insists the issue remains unresolved. This means a hacker could execute remote commands on your phone even if your iOS is updated to version 12.4, released on 22 July.

    A number of security flaws in Apple’s mobile operating system have been unveiled by Google’s Project Zero in recent months, and Apple has only recently rolled out an update to address them, yet the company failed to deliver on all of the issues, the BBC reported Tuesday.

    According to the report, Project Zero – a team of security experts dedicated to hunting bugs in various manufacturers’ software products – revealed five vulnerabilities, at least one of which allowed all files to be copied off without any assistance from the user. Another flaw was invasive enough that a targeted phone could only be saved by a complete reset to factory defaults, erasing all data.

    The two above-mentioned flaws were revealed in April and May of this year, yet Apple only saw fit to fix them in an iOS update released last week, the BBC report says.

    "That's quite unusual," Alan Woodward, a cyber-security expert at the University of Surrey, commented on Apple’s foot-dragging. "The reputation of the Google Zero team is such that it is worth taking notice of."

    However, the Cupertino-based tech giant failed to tackle a sixth vulnerability unveiled by Google, tracked as CVE-2019-8641, Project Zero says, despite Apple's claim in a patch note that the issue had been “addressed.”

    “We are withholding CVE-2019-8641 [detailed description] until its deadline because the fix in the advisory did not resolve the vulnerability,” Project Zero’s Natalie Silvanovich tweeted.

    According to the iOS 12.4 patch note, the flaw in question allows a hacker to crash an application or simply execute “arbitrary code” on the hacked device.

    Apple did not comment on the issue, but urged users to make sure their iOS version is always up to date, the BBC report says.

    Silvanovich reportedly intends to share more information on Project Zero’s findings at a presentation at the Black Hat conference in Las Vegas, which will be attended by Apple’s cybersecurity experts, among others.

    Previously, Google’s bug-hunting team alerted Microsoft, Facebook and Samsung, among other tech companies, about flaws in their code, the BBC says.
