Update your iPhone to fix these major iOS security flaws

July 31, 2019

By Kim Komando

With competition so fierce between major technology companies, it can seem strange to imagine them ever working together under any context. While this isn’t unheard of, it’s rare enough to warrant skepticism that the collaboration is more than just a corporate merger or industrial mischief.

Well, the unthinkable has happened. Eternal rivals Google and Apple have actually worked together on something — and this time, it’s of the utmost importance for iPhone owners. Google, as part of its bug-hunting program, discovered a number of critical security flaws in Apple’s iMessage. Apple, in response, has released patches to fix the flaws for anyone ready to download. How’s that for teamwork?

If you or a loved one own an iPhone, now’s the time to get these critical security updates. If left unchecked, hackers could easily exploit them to gain access to your personal data — or worse! Here’s what you need to know about Apple and Google’s security collaboration, as well as a secret bug that still remains a mystery.

What is Google’s mysterious “Project Zero?”

Though it sounds like a sinister sci-fi plot for world domination, nothing could be further from the truth. Project Zero is a team of security analysts at Google that specializes in uncovering dangerous bugs and security exploits that hackers might use to commit cybercrimes.

The name comes from “zero-day exploits,” which we’ve covered here at Komando.com numerous times for a variety of different programs. In a sense, you can think of the Project Zero team as “white hat” hackers — in other words, hackers who use their powers for good instead of evil.

With their mastery of computers and code, the folks at Project Zero try their hardest to break into famous pieces of software — and promptly inform the vendors once they discover something that needs attention. The goal of the project is to help reduce cybercrime, but Project Zero does serve an ulterior purpose by increasing Google’s influence over the software industry at large.

This brings us to its latest client — one for whom it’s discovered six critical exploits that put users’ phones at risk. We’re, of course, talking about none other than Apple.

Major security flaws discovered in iOS

Project Zero uncovered a number of zero-day exploits in the latest version of Apple’s iOS 12 software. The exploits can be traced to the company’s iMessage app, which is the standard program used to send text messages on the iPhone.

The exploits discovered by Project Zero allow hackers to send a corrupted message that, once opened, makes the phone completely vulnerable to data extraction or worse. Additionally, two of the four glitches addressed rely on memory exploits.

In response to Google’s discovery, Apple announced that it has developed a patch for iOS 12. The company is encouraging users to update immediately, which will prevent attackers from getting the chance to harness the power of the exploit. As of now, there have been no reports of this exploit being utilized by cybercriminals.

One bug remains a mystery

Project Zero and Apple both acknowledged the discovery of six security flaws, but Apple’s current patches only address five of them. The sixth and final bug remains a mystery to the public, and as per Project Zero’s rules, the bug will remain confidential while Apple works on a fix. A patch is expected in the near future.

While we don’t know what this particular exploit does or how it works, we can rest assured that it’s being addressed. It’s not too comforting to know that an unaddressed bug remains after downloading the patches, but it’s likely not a priority.

Were it a major exploit like 2014’s Heartbleed (which Project Zero also addressed), it would likely be announced even if there were no fix for it yet.

How can I get the patch?

You can download the latest update to iOS right now by navigating to your Settings app, selecting General, and opening the menu labeled Software Update. The update will immediately populate the menu, and you can download it directly to your device.

Keep in mind, there’s still an unaddressed bug floating around, so tread cautiously in your internet adventures. Don’t open any unfamiliar links, don’t download anything from anywhere that’s not familiar, and most of all, avoid communicating with accounts you don’t know.

Those are the most common vectors for security exploits and phishing schemes, and by staying aware, you can keep them far away from your device. We’ll be updating this story as soon as we know what this final mystery bug is, and how you can get your hands on the latest security patch.

https://www.komando.com/tips/apple/update-your-iphone-to-fix-these-major-security-flaws/