Google's Project Zero unveiled an iMessage bug capable of bricking Apple iPhone and Mac devices. The said vulnerability also has the ability to survive hard resets, leaving iPhone users with no other choice but to reboot their devices via factory reset and recovery mode.
A recent post from Natalie Silvanovich, a Google Project Zero researcher, revealed that they discovered a malformed iMessage bug that could pose a serious risk to both Apple's Mac and iPhone in two different ways.
The iMessage bug enters the iPhone via the Springboard. A repeated crash and respawn response is the initial iPhone response upon receiving the bricking iMessage bug.
The repeated crash and respawn causes the UI to disappear, making it impossible for inputs to be keyed in. An iPhone user will resort to a hard reset which does not solve the issue, even leaving the phone unusable when unlocked.
An iPhone user's last option will be to do the factory reset and restore. The latter, however, results in the loss of all the data stored on the restored device.
The Google Project Zero post also revealed how the bricking iMessage bug affects Mac devices in a different way. The code targets the soagent, causing also the crash and respawn problem.
Although the vulnerability does not affect the Mac devices that long, the worst thing that the bug can do is to stop the Mac Messages app from working.
Apple fixed the bricking iMessage bug, by making the patch available along with the release of the iOS 12.3 on May 13.
The Cupertino tech giant's move assured that, as long as iPhone and Mac users keep their device updated, they are less prone to the vulnerability brought by the iMessage bug.
The disclosure of the iMessage bug comes after Apple complied with the Google Project Zero disclosure policy giving the company a 90-day allowance to have the issue fixed. In this case, Google's move of revealing to the public is to disclose a recently resolved issue which they discovered on April 19 and how the public will take advantage of the bug fix.
This article was first published in IBTimes US. Permission required for reproduction.
