The past week has not been very positive for Apple and iOS. The security flaws revealed show that the mobile operating system is vulnerable and can be attacked by anyone looking to exploit these flaws.
With this process still to be addressed, there is now more news of problems for this system and for Apple. It was Google’s Project Zero that revealed them and show that there are 6 more flaws that can be exploited.
New security issues for Apple
The relationship between Project Zero from Google and Apple is not the most friendly. The case of revealing faults before they were corrected is still recent, putting users at risk. Still, this is an important and necessary step.
In the most recent publication by this security team from Google, the focus was on iOS and 6 flaws that exist in the system. These have the particularity that they can be exploited without any user intervention.
Project Zero discovered flaws in iOS
What was revealed, these flaws are based on a component increasingly used in these operating systems. We talk about the treatment of images received in messages and in the apps that treat them. These are delivered to iOS and the framework Image I / O from Apple.
These 6 failures (1, 2, 3, 4, 5, 6) allow the attacker to access the equipment without user intervention. However, they are not enough to give full access, but they are the door to more complex and aggressive attacks.
Google will investigate this further
In addition to this Apple framework, Project Zero discovered 8 more associated flaws. These affect OpenEXR, an open-source library for handling EXR image files, which is present as an external component with Image I / O.
According to Google, Apple will have already solved these flaws, so this could be an overcome problem. However, Google and Project Zero will investigate this flaw further and try to understand its real impact and depth.