Many folks wait a while to update their iPhones and iPads to the latest version of iOS, but don't delay in this case. iOS 12.4, released last week, fixes several very serious security flaws in Messages that can let hackers remotely take over your device and can be exploited without you even clicking on a link.
To shield your phone now, all you need to do is install iOS 12.4. Updating is just as easy as ever: open Settings, tap General, tap Software Update and follow the on-screen instructions.
ZDNet notes that at least three of the flaws open the user to a serious attack, in which the malcontent prying open your phone can start executing code. All the attacker needs to do is send a malicious message to a device, as the code simply runs when you open and view the message — which most people will.
The other flaws? Oh they're just as nasty, allowing the miscreant to leak data from your iDevice and read files off of it, remotely, with the same simple attack detailed above.
As reported by Bleeping Computer, the flaws were reported to Apple by Google Project Zero security researchers Natalie Silvanovich and Samuel Gross back in May and affect all iPhones from the 5s on, the iPad Air and later and iPod touch devices.
Details of some of the flaws can be found on the Google Project Zero bug-reporting website. Silvanovich noted on Twitter that her team was withholding details on one because "the fix in the advisory did not resolve the vulnerability."
The security world will learn more about this attack next week as Silvanovich gives a presentation at the Black Hat security conference in Las Vegas. We hope to attend to learn more.