The iPhone vulnerability could potentially have allowed remote access over WiFi: Details

Apple fixed a serious vulnerability earlier this year that could allow an attacker to take complete control of any iPhone over Wi-Fi. The vulnerability has been fixed since the May release of iOS 13.5 and was originally reported by a researcher on Google’s Project Zero team. It was noticed by other security researchers as well. The vulnerability was due to a bug in the iOS kernel that allowed bad actors to get remote access without users having to interact directly.

The problem, known as an unauthenticated kernel memory corruption vulnerability, was reported by Ian Beer of Project Zero. Beer released a 30,000-word blog post detailing the vulnerability and a proof-of-concept exploit he created after six months.

Although the security researcher developed several exploits to understand the flaw, the most advanced one he developed was the proximity worm exploit, which allowed him to gain complete control of his iPhone 11 Pro. He was able to deploy the exploit using a laptop, a Raspberry Pi, and a few off-the-shelf Wi-Fi adapters.

“See all photos, read all emails, copy all private messages and monitor everything that happens there in real time,” he said in the post, explaining the scope of the vulnerability.

Beer took advantage of a buffer overflow error in a driver for AWDL, a mesh network protocol developed by Apple that enables functions such as AirDrop and AirPlay. The bug could give attackers full access remotely because the AWDL driver, like other drivers, runs in the kernel.

“AWDL can be activated remotely on a locked device with the same attack, as long as it has been unlocked at least once after switching on the phone. The vulnerability is also wormable. A device that has been successfully used could then itself be used to use other devices with which it comes in contact,” wrote the researcher.

As reported by Ars Technica, Beer’s colleagues took note of the mistake, which he also demonstrated in a video uploaded to YouTube.

Apple acknowledged the existence of the vulnerability, stating: “A remote attacker could potentially cause an unexpected system termination or corrupted kernel memory.” The company also mentioned that it addressed the problem with improved memory management.

The bug was fixed with the release of iOS 13.5. However, it is likely that the handsets that are running on an earlier version of iOS can still be exploited.

There are no details on whether the vulnerability was exploited in the wild before Apple fixed it. However, in his post, Beer noted that at least one exploit seller was aware of the bug in May.
