Vast majority of Apple iOS users haven’t updated to iOS 12.4, leaving themselves wide open to a public exploit.
Over 90 percent of Apple iPhone users — consumer and enterprise — are still vulnerable to bugs in iOS that can be remotely exploited without any user interaction via the iMessage client. These could reveal pictures, videos, notes, PDFs and so on stored on the phone.
Though Apple has fully patched five of six critical flaws revealed earlier this week by Google’s Project Zero with the 12.4 iOS update, as of August 1 only 9.6 percent of enterprise devices have been updated, according to Dan Cuddeford, senior director of systems engineering at Wandera.
As Threatpost previously reported, the most severe of the bugs are CVE-2019-8624 and CVE-2019-8646, which allow an attacker to read files off an iOS device remotely, without any interaction from the victim.