Google Security Researcher Stated a Problem in iMessage

Google Security Researcher Stated a Problem in iMessage

Security researcher of Google Project Zero, Natalie Silvanovich has disclosed a problem with iMessage that might result in the Apple phones needing to be wiped and restored to function correctly.

Silvanovich mentioned in a blog post that a malformed message, containing a text key that was not a string, may cause an exception to be thrown. When this property was utilized by one other technique assuming it was a string, however by no means checking it truly was a string, it caused another exception to occur.

“On a Mac, this causes Soagent to crash and respawn, however on an iPhone, this code is in Springboard,” Silvanovich stated.

Springboard is the appliance that handles the iOS home screen.

“Receiving this message will case Springboard to crash and repeatedly respawn, inflicting the UI not to be displayed and the phone to stop responding to input,” the security researcher added.

“This condition survives a tough reset, and causes the phone to be unusable as quickly as it’s unlocked.”

Silvanovich stated there are 3 ways to unbrick a device. However, all of them involved wiping or restoring the device.

The difficulty was found in April, with Apple fixing it in iOS 12.3 launched in May.

Silvanovich last year found a bug in WhatsApp that allowed hackers to take over its Android or iOS application when customers answered an incoming video call. The mobile apps have been the only ones hit because they used Real-time Transport Protocol for video conferencing, whereas its web client used WebRTC.

In March, Project Zero revealed a zero-day vulnerability in macOS after a deadline to resolve the issue expired, after reporting the matter to Apple in November.

Richard Addington

Richard Addington

Leave a Reply

Your email address will not be published. Required fields are marked *