Google got Apple to fix 10 security flaws in the iPhone

Google got Apple to fix 10 security flaws in the iPhone

A Google researcher uncovered 10 flaws in Apple’s iPhone. (AP Photo/Ng Han Guan, File)

presentation Wednesday at the Black Hat security conference revealed that critical vulnerabilities in the iPhone’s iOS operating system had left it open to remote attacks that did not require a single tap or swipe by the targeted user.” data-reactid=”22″>LAS VEGAS—Apple (AAPL) prides itself on the security of its mobile devices, but a presentation Wednesday at the Black Hat security conference revealed that critical vulnerabilities in the iPhone’s iOS operating system had left it open to remote attacks that did not require a single tap or swipe by the targeted user.

“zero-day” vulnerability, which is a flaw that a company has no idea existed, that requires zero interaction by the target is nightmare fuel in information-security circles. And Apple only learned of this issue—reportedly already exploited by such state actors as the United Arab Emirates—because of research by one of its biggest rivals: Google (GOOG, GOOGL).” data-reactid=”23″>A “zero-day” vulnerability, which is a flaw that a company has no idea existed, that requires zero interaction by the target is nightmare fuel in information-security circles. And Apple only learned of this issue—reportedly already exploited by such state actors as the United Arab Emirates—because of research by one of its biggest rivals: Google (GOOG, GOOGL).

outside security help is a major advance, and something Apple’s customers should welcome.

iMessage issues

Project Zero bug-hunting effort Google launched in 2014, explained how she and colleagues sought to confirm persistent rumors of serious iOS vulnerabilities.” data-reactid=”26″>In Wednesday’s presentation, Natalie Silvanovich, a researcher with the Project Zero bug-hunting effort Google launched in 2014, explained how she and colleagues sought to confirm persistent rumors of serious iOS vulnerabilities.

The subsequent work unearthed 10 flaws, some allowing remote access without interaction by the user, in such messaging components as visual voicemail and iMessage.

“These are basically bugs that anyone can use from anywhere to attack anyone,” Silvanovich said.

She demoed two during her presentation, one that allowed an attacker to copy an image from the target iPhone and another that resulted in the attacker opening the Calculator app on the attacked iPhone.

hacker shorthand for “elite”–as the audience applauded in appreciation.” data-reactid=”30″>The Calculator’s display showed 1,337—hacker shorthand for “elite”–as the audience applauded in appreciation.

a detailed report from Silvanovich breaking down these findings. The good news: Apple has already fixed all 10, with credit given to Project Zero in the security release notes for the iOS 12.4 update that should already have reached your iPhone. The bad: Many of these bugs resulted from iOS features that didn’t benefit customers.” data-reactid=”31″>Right after the talk, Project Zero’s blog added a detailed report from Silvanovich breaking down these findings. The good news: Apple has already fixed all 10, with credit given to Project Zero in the security release notes for the iOS 12.4 update that should already have reached your iPhone. The bad: Many of these bugs resulted from iOS features that didn’t benefit customers.

“The majority of vulnerabilities occurred in iMessage due to its broad and difficult to enumerate attack surface,” the post read. “Most of this attack surface is not part of normal use, and does not have any benefit to users.”

In fewer words: Complexity kills.

Bug bounty 2.0

A talk Thursday by an Apple security expert did not address Silvanovich’s findings but did show Apple dramatically expand its bug-bounty program. Security-engineering head Ivan Krstić told a packed auditorium: “We’d like to take this further.”” data-reactid=”35″>A talk Thursday by an Apple security expert did not address Silvanovich’s findings but did show Apple dramatically expand its bug-bounty program. Security-engineering head Ivan Krstić told a packed auditorium: “We’d like to take this further.”

announced at this event three years ago, the program coming this fall covers all of Apple’s operating systems and is open to all security researchers, not just a subset of Apple-anointed experts. And its payouts for documented vulnerabilities in shipping software will ascend as high as $1 million.

bug-bounty systems at such firms as Google and Facebook (FB), is to reward researchers for reporting “vulns” instead of selling them to attackers.” data-reactid=”37″>The idea behind this program, like the bug-bounty systems at such firms as Google and Facebook (FB), is to reward researchers for reporting “vulns” instead of selling them to attackers.

Apple’s expanded regime will pay for Mac bugs as well as iPhone and iPad vulnerabilities and will also cover the Apple TV’s tvOS and the Apple Watch’s watchOS.

That million-dollar reward will require documentation of a remote attack that requires zero user interaction and gains persistent, system-wide control. Less dangerous vulnerabilities will earn less; for example, the peak payout for a lock-screen bypass is $100,000.

Krstić said Apple will offer 50% more for vulnerabilities found in test versions of unreleased software. “The number one reason to have a bounty is to find a vulnerability before it ever hits customers’ hands,” he said.

Krstić also announced that Apple will provide “research platform” iPhones for security researchers starting next year that will allow closer inspection of Apple’s software and hardware.

Bug bounties aren’t magic dust

Electronic Frontier Foundation, said after Krstić’s talk that Apple had been “late to the party” with its earlier, cautious program and commended this expansion of it.” data-reactid=”43″>Kurt Opsahl, deputy executive director and general counsel of the Electronic Frontier Foundation, said after Krstić’s talk that Apple had been “late to the party” with its earlier, cautious program and commended this expansion of it.

He added that Apple’s rewards now approach what the worst vulnerabilities command on bug black markets.

Another security expert, however, worried about possible unintended consequences of such a generous lure.

Luta Security who earlier created the first vulnerability-disclosure program for Microsoft (MSFT). “For another, this may be enough of an incentive for insiders to collude with outsiders.”” data-reactid=”50″>“For one, the offense prices will simply increase as a direct result,” emailed Katie Moussouris, CEO of Luta Security who earlier created the first vulnerability-disclosure program for Microsoft (MSFT). “For another, this may be enough of an incentive for insiders to collude with outsiders.”

But in an effort that fundamentally lacks an end, more eyes on the problem can only help. As the EFF’s Opsahl put it, “I believe that Apple has a very good security team, but any complex system is extremely hard to secure.”

Robat rob@robpegoraro.com; follow him on Twitter at@robpegoraro.” data-reactid=”52″>EmailRobat rob@robpegoraro.com; follow him on Twitter at@robpegoraro.

div#stuning-header .dfd-stuning-header-bg-container {background-image: url(https://safevoip.co.uk/wp-content/uploads/2017/04/slider.jpg);background-size: initial;background-position: top center;background-attachment: initial;background-repeat: no-repeat;}#stuning-header div.page-title-inner {min-height: 650px;}