The weaknesses reported by the team are in the ImageIO framework, which is present on all Apple systems (iOS, macOS, watchOS and tvOS), so all Apple devices appear to be affected by these threats. The flaws appear to be new, but they are linked to previously reported and fixed issues in the parsing of pictures; this time, they are related to the popular messaging apps.
The problem is that the user of an at-risk phone does not need to click on any suspicious-looking links or anything of this type, which is why it is called a "zero-click" threat. According to reports, Project Zero worked with a technique called "fuzzing", a software testing mechanism that provides invalid, unexpected or random data as input, and applied it to Apple's ImageIO framework. The team then reportedly discovered six threats in iOS, and eight more in a third-party image format known as OpenEXR, which is exposed through Apple's ImageIO. According to reports, Apple has already fixed the risks in security patches (in January and April).
It is important to note that the threats were reachable through popular messaging apps but were not linked to the source code of those apps, so the team said it was Apple's responsibility to fix them rather than that of the individual messaging app teams.
A researcher from the Project Zero team posted the report and stated that, even though all of the issues that were found have already been fixed by Apple, additional vulnerabilities of the same type may still be present and, with enough hard work from malicious hackers, could potentially be exploited as zero-click attacks on Apple devices.
The researcher recommended that the Cupertino-based tech giant perform more "fuzz-testing". Additionally, he advised that Apple implement aggressive attack-surface reduction in its OS libraries, meaning a reduction in the number of compatible file formats in order to improve security.
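
The attack-surface reduction recommended above, sketched as an added example (not code from Project Zero or Apple): a gate that checks an incoming file's magic bytes against a short allowlist before any image decoder sees it. The allowlist contents, function names and sample byte strings are assumptions constructed for illustration.

```python
# Added sketch: admit only a short allowlist of image formats, identified by
# their leading magic bytes, before any decoder is invoked on untrusted input.

# Formats this hypothetical receiver chooses to decode (assumption).
ALLOWED = {
    "jpeg": [b"\xff\xd8\xff"],
    "png": [b"\x89PNG\r\n\x1a\n"],
    "gif": [b"GIF87a", b"GIF89a"],
}

# Formats recognised only so the rejection can be logged with a name.
BLOCKED = {
    "openexr": [b"\x76\x2f\x31\x01"],
    "tiff": [b"II*\x00", b"MM\x00*"],
    "bmp": [b"BM"],
}

EXT_ALIASES = {"jpg": "jpeg"}


def sniff(data, table):
    """Return the format name whose signature prefixes data, or None."""
    for name, signatures in table.items():
        if any(data.startswith(sig) for sig in signatures):
            return name
    return None


def gate_image(data, declared_ext=None):
    """Decide from content, not file name, whether data may reach a decoder.

    Returns (accepted, detail): detail is the format name on success and the
    rejection reason otherwise.
    """
    fmt = sniff(data, ALLOWED)
    if fmt is None:
        blocked = sniff(data, BLOCKED)
        reason = f"blocked format: {blocked}" if blocked else "unrecognised format"
        return False, reason
    if declared_ext is not None:
        ext = declared_ext.lower().lstrip(".")
        ext = EXT_ALIASES.get(ext, ext)
        # A mismatched extension means the sender is steering decoder choice.
        if ext != fmt:
            return False, f"extension {ext} does not match content {fmt}"
    return True, fmt
```

Because decoders typically pick a parser from the file's content rather than its name, the gate does the same: a file named `.jpg` that starts with the OpenEXR signature is rejected before the less-exercised parser is ever reached.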