Last year, Google’s Project Zero team helped Apple fix a critical flaw in iPhones that hackers could exploit. Now, the team has announced six new vulnerabilities on Apple’s platforms.
The vulnerabilities that Project Zero’s team found related to a framework called ImageIO, appear on all Apple systems, from tvOS, watchOS to iOS and macOS. As a result, nearly every Apple device is affected by these vulnerabilities. However, these new cybersecurity vulnerabilities have been reported and remedied with an image analysis code. But this time, it relates to images in popular messaging apps.
The problem is that this vulnerability doesn’t require users to click on any suspicious links or anything like that, which is why it’s called a “zero-click” vulnerability. Project Zero said it implemented a technique called “fuzzing” – a software testing method – to bring invalid, unexpected or random data into Apple’s ImageIO framework. From there, the team uncovered six vulnerabilities in ImageIO and added eight in a third-party image format, called OpenEXR, revealed from Apple ImageIO. Reportedly, Apple has overcome the above vulnerabilities.
Note that these vulnerabilities are accessible through popular messaging apps but not linked to the application’s source code. So the group claims that Apple needs to be responsible for fixing it, instead of just the private messaging app group.
Samuel Groß, a researcher in the Project Zero group, published the report and stated that, although all of these bugs have been fixed by Apple, some additional vulnerabilities of the same type can still be exported. show up. And if hard-working, hackers can exploit them as zero-click attacks on Apple devices.
The researcher recommends Cupertino-based technology giants should conduct more “fuzzing tests”. In addition, he advises that Apple should reduce attack-surface attacks on its operating system libraries. That means they should cut back on the number of compatible file formats to improve security.