Even though Apple likes to tout itself as the most secure software in the world, it is often let down by its software teams who have a nasty habit of being unable to program clocks.
In this case, the researchers said the vulnerability was so severe that the only way to rescue a targeted iPhone would be to delete all the data off it. Another example, they said, could be used to copy files off a device without requiring the owner to do anything to aid the hack. Apple released fixes last week. But the researchers said they had also flagged a sixth problem to Apple, which had not been rectified in the update to its mobile operating system.
Apple's own notes about iOS 12.4 indicate that the unfixed flaw could give hackers a means to crash an app or execute commands of their own on recent iPhones, iPads and iPod Touches if they were able to discover it.
Apple has not commented on this specific issue but has urged users to install the new version of iOS, which addresses Google's other discoveries as well as a further range of glitches and threats.
One of the two Google researchers involved - Natalie Silvanovich - intends to share more details of her findings at a presentation at the Black Hat conference in Las Vegas next month.
Meanwhile, German researchers have found a flaw in Apple Wireless Direct Link (AWDL), a protocol installed on over 1.2 billion Apple devices which means that hackers can track users, crash the shiny and intercept files transferred between devices via man-in-the-middle (MitM) attacks.
Boffins at the Technical University of Darmstadt, in Germany analysed the perfect code in Apple Wireless Direct Link (AWDL), a protocol that Apple rolled out in 2014 and which also plays a key role in enabling device-to-device communications in the Apple ecosystem.
AWDL is at the core of Apple services like AirPlay and AirDrop, and Apple has been including AWDL by default on all devices the company has been selling, such as Macs, iPhones, iPads, Apple watches, Apple TVs, and HomePods.
Apple has never published any in-depth technical details about how AWDL works, delaying the awareness of its wonderful code for so long. Few security researchers bothered looking at AWDL for bugs or implementation errors.