Should we be worried about the iPhone vulnerability that forces iMessage to be disabled?

According to an X post put out by Trust Wallet, they have found credible evidence related to a high-risk zero-day exploit targeting iMessage users. According to the content, exploiting the vulnerability can be performed on an iPhone without requiring the user to click on any link.

Should we be worried about the iPhone vulnerability that forces iMessage to be disabled? Picture 1

Does iMessage really contain a Zero-day vulnerability?

As a precaution, Trust Wallet suggests that iPhone users, especially individuals with sensitive locations, turn off the iMessage feature until Apple fixes the issue.

However, in its latest report, TechCrunch emphasized that there is currently no clear evidence of the existence of vulnerability exploitation activities. The 'evidence' only comes from an advertisement on the Dark Web for something called an 'iMessage Exploit'. The ad states that this product is RCE - remote code execution - requiring no interaction from the target. It is said to work on the latest iOS version.

CodeBreach Lab, the seller of the vulnerability is reportedly asking for $2 million in Bitcoin. Up to now, no one has purchased the tool to exploit this vulnerability.

Advertising content offering Zero-day vulnerability exploitation tools posted by CodeBreach Lab.

While this threat may have been exaggerated, if not an outright scam, it is important to know that such practices deserve to be taken seriously. Recently, many people no longer believe in the possibility that the iPhone 'cannot be infected with malware'. Although iPhones are rarely infected with malware, attackers can still take advantage of 0-day vulnerabilities and zero-click exploits to infect users' devices. However, these types of attacks are often expensive and difficult to perform due to the high level of complexity required.

Samuel Daniel

Update 20 April 2024