The Fully Remote Attack Surface of the iPhone
https://googleprojectzero.blogspot.com/2019/08/the-fully-remote-attack-surface-of.html [googleprojectzero.blogspot.com]
2019-08-08 00:55
We investigated the remote attack surface of the iPhone, and reviewed SMS, MMS, VVM, Email and iMessage. Several tools which can be used to further test these attack surfaces were released. We reported a total of 10 vulnerabilities, all of which have since been fixed. The majority of vulnerabilities occurred in iMessage due to its broad and difficult to enumerate attack surface. Most of this attack surface is not part of normal use, and does not have any benefit to users. Visual Voicemail also had a large and unintuitive attack surface that likely led to a single serious vulnerability being reported in it. Overall, the number and severity of the remote vulnerabilities we found was substantial. Reducing the remote attack surface of the iPhone would likely improve its security.
Also: https://googleprojectzero.blogspot.com/2019/08/the-many-possibilities-of-cve-2019-8646.html