Google publishes a number of zero-click vulnerabilities that affected all Apple devices

Last year, we reported on Google’s Project Zero team helping Apple fix an important iPhone vulnerability to hackers. Now, AppleInsider is drawing our attention to another publication by the team, which brought to the surface six new vulnerabilities on Apple platforms.

The vulnerabilities reported by the team are in the ImageIO framework, which is present on all Apple systems (iOS, macOS, watchOS and tvOS), so all Apple devices appear to be affected. The newly discovered flaws are connected to already reported and fixed issues in the code that parses images, but this time they relate to images in popular messaging apps.

The issue is that the vulnerability does not require the user to click on any suspicious-looking links or anything of that nature, which is why it’s called a “zero-click” vulnerability. Reportedly, Project Zero worked with a technique called “fuzzing”, a software testing methodology that provides invalid, unexpected or random data as input, in this case to Apple’s ImageIO framework. The team was reportedly able to discover six vulnerabilities in ImageIO, and eight more in a third-party image format called OpenEXR, which was exposed by Apple's ImageIO. Reportedly, Apple has already fixed these vulnerabilities (in security patches in January and April).


It’s important to note that the vulnerabilities were reachable through popular messaging apps but were not in the source code of the apps themselves, so the team stated that fixing them was Apple’s responsibility rather than that of the individual messaging app teams.

Samuel Groß, a researcher from the Project Zero team, posted the report and stated that, even though all of the issues that were found have already been fixed by Apple, additional vulnerabilities of the same type may still be present and, with enough hard work from malicious hackers, could potentially be exploited as zero-click attacks on Apple devices.

The researcher recommended that the Cupertino-based tech giant perform more “fuzz-testing”. Additionally, he advised that Apple implement aggressive attack-surface reduction in its OS libraries, meaning a reduction in the number of compatible file formats in order to improve security.
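
The format-reduction recommendation can be illustrated with a content-based allowlist placed in front of an image decoder. This is an added example, not code from Apple, Project Zero or any messaging app; the allowed formats, the size limit and the function names are assumptions. It identifies the format from the file's leading bytes rather than trusting the file name, and refuses anything outside the short list, including OpenEXR.

```python
import os
from typing import Optional, Tuple

# Leading magic bytes of common image formats -> format name.
SIGNATURES = [
    (b"\x89PNG\r\n\x1a\n", "png"),
    (b"\xff\xd8\xff", "jpeg"),
    (b"GIF87a", "gif"),
    (b"GIF89a", "gif"),
    (b"\x76\x2f\x31\x01", "openexr"),
    (b"II*\x00", "tiff"),
    (b"MM\x00*", "tiff"),
    (b"8BPS", "psd"),
]

# Assumption: this hypothetical app only needs three formats.
ALLOWED = {"png": {".png"}, "jpeg": {".jpg", ".jpeg"}, "gif": {".gif"}}
MAX_BYTES = 10 * 1024 * 1024  # assumed size limit


def sniff_format(data: bytes) -> Optional[str]:
    """Identify the format from content; None if unrecognised."""
    for magic, name in SIGNATURES:
        if data.startswith(magic):
            return name
    return None


def gate(data: bytes, declared_name: str = "") -> Tuple[bool, str]:
    """Return (accepted, format or rejection reason) for untrusted bytes."""
    if len(data) > MAX_BYTES:
        return False, "too large"
    fmt = sniff_format(data)
    if fmt is None:
        return False, "unrecognised format"
    if fmt not in ALLOWED:
        return False, f"format {fmt} not on allowlist"
    ext = os.path.splitext(declared_name)[1].lower()
    if ext and ext not in ALLOWED[fmt]:
        return False, f"extension {ext} does not match content ({fmt})"
    return True, fmt


# Constructed samples: only the leading magic bytes are real, the rest is padding.
PNG_SAMPLE = b"\x89PNG\r\n\x1a\n" + b"\x00" * 32
EXR_AS_JPG = b"\x76\x2f\x31\x01" + b"\x00" * 32

if __name__ == "__main__":
    print(gate(PNG_SAMPLE, "cat.png"))
    print(gate(EXR_AS_JPG, "holiday.jpg"))
```

Logging the rejection reason gives defenders a signal when a file's name and content disagree, for example an OpenEXR file sent as `holiday.jpg`.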
