iPhone Zero-click Wi-Fi Exploit Is One Of The Most Breathtaking Hacks Ever

It has been reported that Google Project Zero security researcher Ian Beer has revealed that, until May, a variety of Apple iPhones and other iOS devices were vulnerable to an incredible exploit that could let attackers remotely reboot the devices and take complete control of them, including reading emails and other messages, downloading photos, and even potentially watching and listening to the user through the iPhone’s microphone and camera.

Experts Comments

December 03, 2020
Eugene Kolodenker
Staff Security Intelligence Engineer
Lookout
The recent iOS zero-click exploit published by Google's Project Zero is an attack that can be used by malicious groups to gain access to any iPhone device running an unpatched version of iOS. The attack requires close proximity to the target iPhone device as it leverages an exploit in the iPhone’s WiFi system. The exploit does not require any interaction from the target, and can be used to steal sensitive data such as photos, text messages, and install Trojans. The attack leverages a flaw in Apple's proprietary radio protocol used to connect iPhones directly to other iPhones, or Apple products for services such as AirDrop. Even if AirDrop is not enabled, this attack is able to bypass this restriction, and force AirDrop to be enabled momentarily to deliver the exploit. A proof of concept with limited capability has been released, and more dangerous variants might be developed from it. Fortunately, this vulnerability has been patched since May 2020, and in the latest version of iOS. It’s recommended for users to keep their iPhones updated to the latest version.
December 03, 2020
James Croall
Director of SAST Product Management
Synopsys Software Integrity Group
Buffer overflows have haunted software developers for about as long as software has existed. The good news is, buffer overflows can be systematically identified and eradicated early in the dev process using automated static analysis tools. But even incredibly mature organisations fall victim to seemingly small mistakes that can have major repercussions. This vulnerability underscores how important it is for developers and AppSec teams to proactively and thoroughly test their code for bugs. It’s also important to remediate issues identified during testing -- even if it's not a problem today, any given vulnerability could become a substantial issue down the road.