Wonderful Engineering

Google Researchers Discover Vulnerabilities In iOS That Could Have Been Sold On Black Market For $5M Each

A team of Google researchers had discovered some serious iOS security flaws last month. These vulnerabilities could have been sold for a price of $5 million each on the black market according to reports.

The six critical vulnerabilities that had been discovered were patched in the iOS 12.4 update that was rolled out last month. These vulnerabilities were originally discovered by a team of security researchers at Google. Natalie Silvanovich and Samuel Groß are two members of Project Zero bug-hunting team at Google. The duo notified Apple of the existing vulnerabilities.

Silvanovich also laid out the details on some of the bugs while providing a demonstration of exploits in action at the Black Hat security conference that was held during the start of the month in Las Vegas. Most of the vulnerabilities that were discovered by the bug-hunting team of Project Zero were so-called ‘interaction-less’ bugs. This means that they could have been triggered on a remote iOS device without the need for any direct interaction with the device.

What does it mean? It means that a potential hacker would only have to send a malicious code – let’s say via iMessage – and then simply wait for the victim to open that message. These interactionless bugs are in high demand for hackers thus implying that the security flaws that were discovered could have been sold on the black market or other seedy parts of the internet for a hefty sum of $5 million per vulnerability as per ZDNet.

Although Apple has catered to these critical vulnerabilities by releasing iOS 12.4 on 22 July, the dup from Project Zero is not giving details about one particular vulnerability that has not been completely patched as of yet. With that in mind, users are strongly advised to make sure that their iPhones are kept up to date and must download the update as soon as they become available to prevent becoming a victim of any security risk.