Researchers Discovered A Bug That Could Have Let Hackers Gain Complete Control Over iPhone Using WiFi, Apple Has Fixed The Issue

Earlier this year, Apple patched a severe bug. According to a report published by Gadgets 360, this bug could have allowed hackers to get access to any iPhone and gain complete control over the device using Wi-Fi. The vulnerability has been fixed since iOS 13.5, which Apple released back in May of this year. It is worth mentioning that a security researcher on Google’s Project Zero team initially reported this serious vulnerability to Apple.

The security researchers found that this vulnerability existed because of a bug in the iOS kernel, and that the bug enabled hackers to get remote access. The bug is described as an unauthenticated kernel memory corruption vulnerability. Project Zero’s Ian Beer reported the issue and published a 30,000-word blog post, in which he provided details about the vulnerability and a proof-of-concept exploit. Beer spent six months building the proof-of-concept exploit.

While he developed several exploits to understand the security bug, the wormable radio-proximity exploit was the most advanced one. These exploits allowed Beer to gain complete control over his iPhone 11 Pro. He could deploy the exploit with the help of a laptop, some off-the-shelf Wi-Fi adapters, and a Raspberry Pi. Detailing the scope of the vulnerability, Beer wrote in the blog post that it could allow hackers to view all the images, read all the emails, copy all the private messages, and monitor everything that happens on the phone in real time.

The security researcher exploited a buffer overflow bug in a driver for AWDL. AWDL is an Apple-native mesh networking protocol that is used to enable features such as AirPlay and AirDrop. Beer wrote in the blog post that attackers could remotely enable AWDL on a locked device using the same attack, as long as the iPhone has been unlocked at least once after it was powered on. Moreover, the vulnerability is wormable, which means that hackers can use a device that has already been successfully exploited to exploit further devices.

Apple has acknowledged the existence of this bug and wrote on the company’s security page that a remote hacker may cause unexpected system termination or corrupt kernel memory. Apple has said that it addressed this problem by using enhanced memory management. Although there are no details on whether attackers had exploited this vulnerability in the wild before the company fixed it, Beer wrote in his blog that at least one exploit seller knew about the bug in May.


