iPhone Zero-click Wi-Fi Exploit Is One Of The Most Breathtaking Hacks Ever

It has been reported that Google Project Zero security researcher Ian Beer has revealed that, until May, a variety of Apple iPhones and other iOS devices were vulnerable to an incredible exploit that could let attackers remotely reboot and take complete control of their devices from a distance — including reading emails and other messages, downloading photos, and even potentially watching and listening to you through the iPhone’s microphone and camera.

Subscribe
Notify of
guest

2 Expert Comments
Most Voted
Newest Oldest
Inline Feedbacks
View all comments
Eugene Kolodenker
Eugene Kolodenker , Staff Security Intelligence Engineer
InfoSec Expert
December 3, 2020 11:22 am

The recent iOS zero-click exploit published by Google\’s Project Zero is an attack that can be used by malicious groups to gain access to any iPhone device running an unpatched version of iOS. The attack requires close proximity to the target iPhone device as it leverages an exploit in the iPhone’s WiFi system. The exploit does not require any interaction from the target, and can be used to steal sensitive data such as photos, text messages, and install Trojans. The attack leverages a flaw in Apple\’s proprietary radio protocol used to connect iPhones directly to other iPhones, or Apple products for services such as AirDrop. Even if AirDrop is not enabled, this attack is able to bypass this restriction, and force AirDrop to be enabled momentarily to deliver the exploit. A proof of concept with limited capability has been released, and more dangerous variants might be developed from it. Fortunately, this vulnerability is patched since May 2020, and in the latest version of iOS. It’s recommended for users to keep their iPhones updated to the latest version.

Last edited 1 year ago by Eugene Kolodenker
James Croall
James Croall , Director of SAST Product Management
InfoSec Expert
December 3, 2020 11:12 am

Buffer overflows have haunted software developers for about as long as software existed. The good news is, buffer overflows can be systematically identified and eradicated early in the dev process using automated static analysis tools. But even incredibly mature organisations fall victim seemingly small mistakes that can have major repercussions. This vulnerability underscores how important it is for developers and AppSec teams to proactively and thoroughly test their code bugs. It’s also important to remediate issues identified during testing — even if it\’s not a problem today, any given vulnerability could become a substantial issue down the road.

Last edited 1 year ago by James Croall
Information Security Buzz
2
0
Would love your thoughts, please comment.x
()
x