iPhones hijacked just by receiving a message: the method has been revealed (now fixed)


Google's security team, Google Project Zero, has revealed on its official blog the details of an attack that compromises a target user's iPhone simply by having it receive a malicious GIF image via iMessage.

Attacks using this method have been confirmed against New York Times journalists and staff members of human rights activists.

This vulnerability (CVE-2021-30860) was released in September 2019. It has been fixed by the update to 8.


An iPhone can be taken over just by receiving a malicious message

According to Project Zero's official blog, the attack exploits vulnerabilities in iMessage: the attacker sends a malicious message to the target user's iPhone, and the iPhone is said to be hacked merely by receiving that message.

Until now, a similar technique known as a one-click attack has been documented, in which a phishing URL is sent by SMS and the target clicks the link by mistake.

With the method Google Project Zero has now revealed, the target only has to receive a malicious message: even without clicking any URL, arbitrary code is executed on the iPhone. Until the vulnerability was fixed by a software update, there was no way to avoid falling victim to the hijacking.

iMessage has a function for sending and receiving animated GIFs in a chat. This function processed an animated GIF before it was actually displayed on the chat screen.

The attacker disguised a malicious PDF as an animated GIF, exploited a vulnerability in the PDF parsing program, and is said to have succeeded in hacking the targeted iPhone via iMessage.
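A defensive check for the disguise described above, as an added example that is not taken from Project Zero's post or from Apple's code: it compares the type an attachment's file name claims with the type its bytes actually indicate. The function names, the header-window constant and the sample byte strings are assumptions constructed for illustration.

```python
"""Flag attachments whose extension disagrees with their content (added example)."""
from pathlib import PurePosixPath

GIF_MAGICS = (b"GIF87a", b"GIF89a")  # GIF signature, always at offset 0
PDF_MAGIC = b"%PDF-"
# Assumption: lenient PDF readers accept the header anywhere in the first
# 1024 bytes, so an offset-0 check alone would miss files a parser still opens.
PDF_HEADER_WINDOW = 1024
EXTENSION_TYPES = {".gif": "gif", ".pdf": "pdf"}

# Constructed sample attachments (not real captures).
SAMPLES = {
    "cat.gif": b"GIF89a\x01\x00\x01\x00\x00\x00\x00;",
    "report.pdf": b"%PDF-1.7\n%%EOF\n",
    "funny.gif": b"%PDF-1.4\n%%EOF\n",                # PDF bytes, GIF name
    "loop.gif": b"GIF89a" + b"\x00" * 16 + b"%PDF-1.4\n",  # both signatures
}


def sniff_types(data: bytes) -> set[str]:
    """Return every format whose signature is present, judged on content only."""
    found = set()
    if data.startswith(GIF_MAGICS):
        found.add("gif")
    if PDF_MAGIC in data[:PDF_HEADER_WINDOW]:
        found.add("pdf")
    return found


def check_attachment(filename: str, data: bytes) -> dict:
    """Compare the type the file name claims with what the bytes say."""
    suffix = PurePosixPath(filename).suffix.lower()
    declared = EXTENSION_TYPES.get(suffix, "unknown")
    detected = sniff_types(data)
    if detected == {declared}:
        verdict = "ok"
    elif not detected:
        verdict = "unrecognized"
    else:
        verdict = "mismatch"  # wrong type, or more than one type at once
    return {"file": filename, "declared": declared,
            "detected": sorted(detected), "verdict": verdict}


def scan(samples: dict) -> list:
    return [check_attachment(name, data) for name, data in samples.items()]


if __name__ == "__main__":
    for result in scan(SAMPLES):
        print(result)
```

A mismatch verdict is a triage signal for a mail or messaging gateway: the file should be quarantined or routed by its detected type instead of being trusted by name.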

Apple stated, "We know that this vulnerability may have been misused," revealing that attacks may already have taken place before the vulnerability was fixed.