Discovered by Natalie Silvanovich of Google's Project Zero bug hunting team , the vulnerability, which is now patched, could have been exploited on Messenger for Android if an attacker simultaneously called a target and sent them a specially crafted, invisible message to trigger the attack.
Click on the headlines to read them, and stay safe out there.iOS 14.2 Patches Three Actively Exploited BugsApple released its latest iOS update this week, and while the new emojis it comes with are exciting, you'll also want it to fix a raft of security issues for iPhone and iPad. iOS 14 patches 24 bugs in all, including three reported by Google's elite Project Zero team that are have been actively exploited by hackers.
Lily Hay Newman covers information security, digital privacy, and hacking for WIRED.Silvanovich, who worked on the research with fellow Project Zero member Samuel Groß, got interested in interaction-less bugs because of a recent, dramatic WhatsApp vulnerability that allowed nation-state spies to compromise a phone just by calling it—even if the recipient didn’t answer the call.
Her experience wasn’t a fluke: In 2016, Apple sued a company in New York for allegedly selling counterfeit versions of its accessories on Amazon, like charging cables. On Thursday, the company announced Project Zero , a program designed to reduce the number of fake products for sale on Amazon.