Apple's most recent update to iOS wasn't simply to add features: It also patched a significant vulnerability discovered by Google Project Zero. Google security researchers Samuel Groß and Natalie Silvanovich found the vulnerability, designated CVE-2019-8646, which could allow a threat actor to gain access to iOS devices and read their contents using a malicious iMessage as an attack vector.
A malicious actor also could exploit the flaw to remotely read one-time-passwords sent via SMS — a technique frequently used as part of a two-factor authentication scheme.
Google followed responsible disclosure and notified Apple in May. Apple patched the vulnerability within the 90-day window that Google allowed. Silvanovich will present details of the vulnerability in a Black Hat USA briefing, Apple iMessage Flaw Lets Remote Attackers Read Files on iPhones.
iOS users who subscribe to automatic updates should already have applied the patch; other iOS users are encouraged to update to iOS 12.4 immediately.
For more, read here.