Google Project Zero researcher Natalie Silvanovich has warned Apple users that an iMessage security vulnerability could enable an attacker to read the files on their iPhones without having physical access to the device.
The iMessage vulnerability was uncovered on May 17 and it only impacts devices that are running iOS 12 or later.
Silvanovich in June she produced a proof-of-concept that showed how sending an iMessage to a targeted iPhone would display leaked bytes of memory from the SpringBoard application that manages the iOS home screen, in the output of the attacking server.
As with all Google Project Zero discoveries, the vendor is given 90 days to make a patch available. After this time, disclosure of the issue will be made public. In this case, Apple issued fix in the iOS 12.4 update.