How a “simple” message can hack your iPhone

Merouan Goumiri

June 02, 2023 at 11:30 a.m.


Apple iMessage © DenPhotos /

© DenPhotos / Shutterstock

Beware: a critical security flaw has just been discovered in iOS.

To interfere in your iPhone, it does not need any action on your part, except to receive a message by the iMessage service…

A critical flaw discovered in iOS

While monitoring traffic on their own Wi-Fi network, KUMA (for Kaspersky Unified Monitoring and Analysis Platform) teams recently noticed suspicious activity from several devices running iOS. Since Apple’s operating system is particularly closed, the developers had no choice but to create offline backups of the devices affected by the threat to observe its path and thus understand its origin.

To do this, the Kaspersky teams used a tool called Mobile Verification Toolkit (MVT), which was specifically designed to identify traces of compromise on iOS and Android. The results of this research finally enabled them to identify the cause of the suspicious activities previously detected on the Apple brand’s mobile OS.

iOS 15 © Apple

© Apple

When sending a message can prove fatal…

By following this method, KUMA was able to roughly reconstruct the events in their chronological order. The teams were then able to observe and identify the source of the problem. According to the results of their analyses, it would be enough to receive a message accompanied by a malicious attachment, all by the iMessage service (which is specific to Apple), for the user’s iPhone to be the target of a critical vulnerability. No further customer interaction is required for any code to run on their device. Therefore, cyber attackers can take control of the infected device.

Still according to the analyzes carried out by Kaspersky, the oldest traces of infection date back to 2019. At present, no version later than iOS 15.7 is however affected by this flaw. This is why, if your device is compatible, we invite you without further delay to install the most recent version of iOS 16 on it.

Source : Securelist

Source link -99