Google’s Security Researchers Publish A New Website Hack
We all know that a year ago, Google’s researchers recently stated regarding the Apple security vulnerabilities. The researchers say that there is no target discrimination. Merely visiting the hacked site will be enough for the exploit server to attack your device.
The researchers can collect five separate, complete, and unique iPhone exploit chains. They include almost every version from iOS 10 through to the latest version of iOS 12. So, in this way, the tech giant’s elite Project Zero bug-hunters disclosed security vulnerabilities in Apple iOS.
Now, the same Google team brings out another surprise for iPhone users. This time it aims at underlying vulnerabilities that may provide attackers with an entry point. So, the tech giant’s aim is on Apple ecosystem now.
Fuzzing ImageIO Draws The Attention To Other Contents
There is news that Google titled its report as “Fuzzing ImageIO”. It discusses an old type of issue regarding the vulnerabilities in image format parsers.
In the process, multiple vulnerabilities in image parsing code are found. These reports are even brought to Apple or the respective open-source image library maintainers.
Apple’s Security Vulnerabilities
However, a few weeks back, we have seen two of Apple’s security issues being problematic. One of them says that Apple’s mail app has chances of crashing with a maliciously crafted email.
Google tested Apple’s security by fuzzing images and randomising the data such that the device will not know how to handle it. However, Google’s approach is not intended to be exhaustive. It instead points out that a more sophisticated version of the same method may yield better results.
With this, a lot of vulnerabilities came out in the report. So, Google suggests vendors adopt continuous fuzz-testing. It also recommends the messaging platforms only to accept the most common image formats.
Affect On Apple’s Operating Systems Pre-patching
All the issues that we have come through will affect the pre-patching of Apple’s operating systems. However, threat groups prize exploits that they will inevitably run on target devices. But, Apple hopes that this brings fairly torrid security disclosures to an end.
Finally, the company has patched these issues. It is also doing the same with mail and text vulnerabilities.