Daily News Roundup: Google Discloses iOS “Interactionless” Vulnerabilities

Share
  • July 31, 2019

Google, through its Project Zero initiative, disclosed six vulnerabilities in iOS. In each case, a hacker could execute remote code on someone’s iPhone without any interaction by the user. Apple’s iOS 12.3 fixes five of the issues.

Project Zero is Google’s initiative to discover zero-day vulnerabilities and disclose them to the appropriate manufacturer, followed by a public announcement of the problem.

Recently, two members of the project team described six vulnerabilities in iOS. In each case, an attacker could send a malformed message through iMessage and the code would execute as soon as the victim opened and viewed the item. The announcement included proof-of-concept code and full details for five of the vulnerabilities.

Apple fully patched those five issues in iOS 12.3, so if you haven’t fully updated your devices, you should. Google withheld details of the sixth vulnerability for now as Apple hasn’t fully patched that issue yet. [ZDNet]

In Other News:

  • Samsung announces Galaxy Tab S6: The Galaxy S6 is official and the tablet has impressive specs to take on competitors. Boasting a Snapdragon 855 chipset, 6GB or 8GB of RAM, and 128GB or 256GB of storage, the tablet checks all the boxes to hit the high-end market. The Galaxy Tab S6 starts at $649 and includes an S-Pen. Samsung is also offering an optional keyboard and kickstand case for $179. [Samsung]
  • Apple’s Credit Card launches in August: In March, Apple announced the Apple Card. The company said the credit card would come in both digital and physical forms, although the titanium card wouldn’t display any card numbers, CCV, or expiration date. Now, Apple says it will start accepting applications for the card in August. [The Verge]
  • Wyze will offer smart plugs at insanely cheap prices: You could describe the entire Wyze business model as “smart things for cheaper than dirt.” The company is continuing that trend with upcoming smart plugs. The plugs will cost $14.99 for a two-pack, more than half the price of iClever plugs. Pre-orders ship in September. [Wyze]
  • Chrome 76 released yesterday with new features in tow: Google took the wraps off Chrome 76 yesterday. Once you receive this update, Chrom will block Flash by default, prevent websites from detecting incognito mode, and more. You should get the update automatically, but you can force it in Chrome’s “About” dialog. [How-To Geek]

Facebook wants to read your mind, but not in the usual creepy way. A few years ago, the company announced an effort to create technology that can read brain patterns and interpret thoughts without using invasive technology, like implanted electrodes. Technology like that could enable someone to communicate who otherwise can’t speak or move their limbs.

The company has been experimenting with patients with electrodes implanted in their brains and made new progress in the ultimate goal. Research subjects were asked to answer out loud a list of simple multiple-choice questions ordered randomly. During that process, by monitoring brain patterns, Facebook’s algorithms correctly detected what question the patient heard 75 percent of the time and what answer they chose 61 percent of the time.

The company is still many years away from a non-invasive method, but these are significant first steps. [IEEE Spectrum]

Source : Daily News Roundup: Google Discloses iOS “Interactionless” Vulnerabilities