What you need to know
- Two Google bounty hunters disovered six bugs within iOS that could be exploited by malicious third parties.
- Four of the bugs could be exploited through iMessage and the other two relied on the memory of the device.
- Five of the six bugs were fixed with the most recent iOS 12.4 update..
Two security researchers part of Google's Project Zero group discovered six vulnerabilities within iOS that could be easily exploited by malicious parties. Though five of the six were patched with the iOS 12.4 update, one wasn't completely patched, per ZDNet.
Details about one of the "interactionless" vulnerabilities have been kept private because Apple's iOS 12.4 patch did not completely resolve the bug, according to Natalie Silvanovich, one of the two Google Project Zero researchers who found and reported the bugs.
The four bugs are CVE-2019-8641 (details kept private), CVE-2019-8647 , CVE-2019-8660, and CVE-2019-8662 . The linked bug reports contain technical details about each bug, but also proof-of-concept code that can be used to craft exploits.
"Interactionless" means malicious parties do not need any action from the user to exploit the bug. With four of the bugs, someone would just have to send a malicious code via iMessage to another iPhone and once the message is open, the vulnerability is ready to be exploited.
The other two bugs rely the memory of the device.
The fifth and sixth bugs, CVE-2019-8624 and CVE-2019-8646 , can allow an attacker to leak data from a device's memory and read files off a remote device —also with no user interaction.
Thankfully they were brought to Apple's attention but before it became a real issue and were patched in a timely manner. It continues to show that even when a company as big as Apple puts resources in creating a safe and secure software, it is still not immune to rogue bugs.
The two security researchers in question, Natalie Silvanovich and Samuel Groß were handsomely rewarded for their contribution. They will talk more about the bugs in detail at the upcoming Black Hat conference in Las Vegas next week.
If you haven't updated to iOS 12.4, now would be a good time to do so.

Review: Secretlab's TITAN Evo 2022 is probably the best gaming chair ever
Secretlab's TITAN Evo is its 2022 offering. It's an awesome upgrade on its 2020 model and the perfect gaming chair for any gamer.

iOS gaming recap: PlayStation makes big moves into iOS, Streets of Rage 4
Besides some new games, a huge game maker discussed its plans to move into the mobile space, although it's unclear when. Here's what else you missed this week.

GRAMMY-winning music producer lauds his Mac Studio but still wants Mac Pro
GRAMMY-winning music producer Mike Dean, who has worked with the likes of Kanye, Selena Gomez, and Madonna has taken to Instagram to wax lyrical about his M1 Ultra Mac Studio while still lamenting the fact that he can't buy an Apple silicon Mac Pro.

All the games coming to Nintendo Switch in June 2022!
If you're in the market for new Nintendo Switch games, here are the ones being released in June. Highlights include Mario Strikers: Battle League, Fire Emblem Warriors: Three Hopes, and Rabbids: Party of Legends.