iMessage security flaws uncovered - here's what you need to know

News
By
published

Google's Project Zero researchers discovered several vulnerabilities in Apple's iMessage

iMessage
(Image credit: Future)

Security researchers have urged iPhone users to update their device software immediately following the discovery of vulnerabilities in iMessage.

Researchers from Google's Project Zero discovered five flaws Apple's mobile messaging software that could leave its devices vulnerable to attack.

One of the vulnerabilities they uncovered was so severe that only way to save a targeted iPhone would require deleting all of the data contained on the device. Another vulnerability could even be used to copy files off of a device without any help from the device's owner.

Google established its Project Zero team back in 2014 with the aim of uncovering previously undocumented vulnerabilities and so far it has informed Microsoft, Facebook, Samsung and others regarding problems in their code.

iOS update

Apple is well aware of the seriousness of the vulnerabilities discovered by Google and even its own notes regarding iOS 12.4 show that if left unpatched, the flaws could allow hackers to crash an app or execute their own commands on recent iPhones, iPads and even the new iPod Touch if they happen to discover it.

The iPhone-maker has not commented on the issue specifically but it is urging users to install the latest version of iOS which contains fixes for the vulnerabilities as well as additional glitches and threats. 

While Apple released fixes to these vulnerabilities last week, the researchers also flagged a sixth vulnerability which has not yet been patched in the latest update to iOS.

In a statement, Apple stressed the importance of regularly updating your devices, saying:

“Keeping your software up to date is one of the most important things you can do to maintain your Apple product's security.”

ZDnet, which broke the initial story, noted that Google's researchers had shared enough details about the vulnerabilities that attackers could be able to craft exploits to take advantage of them.

If you own any of Apple's mobile products, it is highly recommended that you update them immediately to avoid falling victim to any potential attacks or exploits.

Via The BBC

TOPICS
Anthony Spadafora
Anthony Spadafora

After working with the TechRadar Pro team for the last several years, Anthony is now the security and networking editor at Tom’s Guide where he covers everything from data breaches and ransomware gangs to the best way to cover your whole home or business with Wi-Fi. When not writing, you can find him tinkering with PCs and game consoles, managing cables and upgrading his smart home. 

Latest in Security
healthcare
Software bug meant NHS information was potentially “vulnerable to hackers”
A hacker wearing a hoodie sitting at a computer, his face hidden.
Experts warn this critical PHP vulnerability could be set to become a global problem
botnet
YouTubers targeted by blackmail campaign to promote malware on their channels
A close-up of a phone screen showing the Telegram, Signal and WhatsApp apps
Agentic AI has “profound” issues with security and privacy, Signal President says
botnet
Another top security camera maker is seeing devices hijacked into botnet
Bluetooth
Top Bluetooth chip security flaw could put a billion devices at risk worldwide
Latest in News
TCL QM7K TV on orange background
TCL’s big, bright new mid-range mini-LED TVs have built-in Bang & Olufsen sound
Homepage of Manus, a new Chinese artificial intelligence agent capable of handling complex, real-world tasks, is seen on the screen of an iPhone.
Manus AI may be the new DeepSeek, but initial users report problems
Google Maps
Nightmare Google Maps glitch is deleting timelines, and there isn't a fix yet
Twitter social media application change logo to X. Elon Musk CEO of twitter rebranded Twitter to 'X'. Social media application technology concept.
X is down again – Elon Musk confirms 'massive cyberattack' as former Twitter site hit by fourth outage today
Joe Goldberg and Kate Lockwood sitting at a table and looking at the camera in You season 5.
Netflix releases a killer new trailer for You season 5 but my favorite character is missing from Joe's final chapter
Person using Dyson V8 vacuum
Dyson vacuums have one big problem and I don't understand why
More about security
botnet

YouTubers targeted by blackmail campaign to promote malware on their channels
A hacker wearing a hoodie sitting at a computer, his face hidden.

Experts warn this critical PHP vulnerability could be set to become a global problem
TCL QM7K TV on orange background

TCL’s big, bright new mid-range mini-LED TVs have built-in Bang & Olufsen sound
See more latest
Most Popular
TCL QM7K TV on orange background
TCL’s big, bright new mid-range mini-LED TVs have built-in Bang & Olufsen sound
A computer screen showing a spreadsheet in use.
This entire nation's public health department was found to be running on a single Excel spreadsheet
Person using Dyson V8 vacuum
Dyson vacuums have one big problem and I don't understand why
Glowing server racks inside a data center.
The dirty little secret about AI hardware that you should know about: server vendors have to wrestle with wafer thin margins and bigger customers
Joe Goldberg and Kate Lockwood sitting at a table and looking at the camera in You season 5.
Netflix releases a killer new trailer for You season 5 but my favorite character is missing from Joe's final chapter
Google Maps
Nightmare Google Maps glitch is deleting timelines, and there isn't a fix yet
botnet
YouTubers targeted by blackmail campaign to promote malware on their channels
A laptop on a desk with the Windows 11 background on its screen.
Microsoft is adding image editing and compression to its Windows Share feature - and I couldn't be happier
A screen shot from a promotional video showing the HealthBuds fitness tracking earphones from Synseer
These mysterious wireless earbuds claim to monitor your heart and hearing health simultaneously, but there’s a catch
Homepage of Manus, a new Chinese artificial intelligence agent capable of handling complex, real-world tasks, is seen on the screen of an iPhone.
Manus AI may be the new DeepSeek, but initial users report problems