The Google Project Zero security department specialist Natalie Silvanovich explored several essential bugs in iOS, which were removed by Apple in the updated 12.4v.
The bugs were pointed out by Silvanovich yet in May 2019. Apple had 90 days to solve the issue before it would be published in the Project Zero bug tracker.
These bugs gave the greenlight to:
- read iMessage dialogues remotely and browse files without user's consent;
- initiate the shutdown of any app and execution of arbitrary code;
- remotely damage the device storage.
It's not the whole list of all bugs Natalie found, but she doesn't unveil all details by now as the 90-days term hasn't expired yet and the bugs are still active.
