Google's Project Zero outs how iMessage can brick and wipe your iPhone

Google's Project Zero outs how iMessage can brick and wipe your iPhone
Google's Project Zero security research undertaking just revealed what we've already known - that Apple's iMessage can be thrown off by a simple unorthodox string that could force you to wipe out and restore your handset.

Project Zero is Google's umbrella team of security analysts who have the sole purpose to find zero-day vulnerabilities, or bugs of the type that can be exploited by state-sponsored hackers, intelligence agencies and run-of-the-mill criminals. The iMessage bug was found by one Natalie Silvanovich, and here's what she has to say about it:

To start using the bricked iPhone again, you can do one of the following, she says:

  • Wipe the device with 'Find my iPhone'
  • Put the device in recovery mode and update via iTunes (note that this will force an update to the latest version)
  • Remove the SIM card and go out of Wifi range and wipe the device in the menu

Fret not, though, as the bug is only made public after the respective party, in this case Apple, has been notified of its existence, and the it has been squashed in the iOS 12.3 update. 

Project Zero has a strict 90-day disclosure policy to make the big public which is forcing manufacturers to react swiftly, or risk having the exploit out in the open before it has been patched. Whew.



1. shiv179

Posts: 179; Member since: Aug 08, 2012

Hahaha yet again! Looks like iMessage is tightly integrated into Springboard? iMessage should be segregated from the rest of the iOS system, so if it crashes it doesn't take other apps down with it!

2. ahmadkun

Posts: 656; Member since: May 02, 2016

The rule is: If I sink we we all will sink together

4. clarity

Posts: 56; Member since: Jun 19, 2017

I can see that you don’t understand iOS basics. The problem here is that a string is expected but an integer may be received. Springboard will crash when displaying the notification - not because of iMessage itself but because it’s incorrectly expecting something that might be of a different type.

5. blingblingthing

Posts: 980; Member since: Oct 23, 2012

I thought all Apple products were built secure. What happened?

6. srgonu

Posts: 566; Member since: Feb 13, 2012

Yes it is, it doesn't share. If ain't working, will take everyone down.

* Some comments have been hidden, because they don't meet the discussions rules.

Latest Stories

This copy is for your personal, non-commercial use only. You can order presentation-ready copies for distribution to your colleagues, clients or customers at or use the Reprints & Permissions tool that appears at the bottom of each web page. Visit for samples and additional information.