The iPhone vulnerability could have provided remote access via Wi-Fi: Details
Apple patched a serious vulnerability earlier this year that could have allowed attackers to gain complete control over any iPhone over Wi-Fi. The vulnerability, which has been fixed since the release of iOS 13.5 in May, was initially reported by a researcher from Google’s Project Zero team. It was also noticed by other security researchers. The flaw stemmed from a bug in the iOS kernel that allowed bad actors to gain remote access without requiring any direct interaction from users.
Described as an unauthenticated kernel memory corruption vulnerability, the issue was reported by Ian Beer of Project Zero. Beer published a 30,000-word blog post detailing the vulnerability and provided a proof-of-concept exploit that he spent six months creating.
Although the security researcher developed multiple exploits to understand the flaw, the most advanced one he built was a wormable radio-proximity exploit that allowed him to gain complete control over his iPhone 11 Pro. He was able to carry out the exploit using a laptop, a Raspberry Pi, and some commercially available Wi-Fi adapters.
“See all the photos, read all the email, copy all the private messages and monitor everything that happens there in real time,” he said in the post while detailing the scope of the vulnerability.
Beer took advantage of a buffer overflow bug in a driver for AWDL, Apple's own mesh networking protocol, which is used to enable features including AirDrop and AirPlay. Because this driver, like other drivers, runs in the kernel, the bug could give attackers full access remotely.
“AWDL can be remotely enabled on a locked device using the same attack, as long as it has been unlocked at least once after turning on the phone. The vulnerability is also wormable; a device that has been successfully exploited could be used to exploit other devices with which it comes in contact,” wrote the researcher.
As reported by Ars Technica, Beer’s fellow researchers took note of the flaw, which he also demonstrated in a video uploaded to YouTube.
Apple acknowledged the vulnerability on its security page, saying: “A remote attacker can cause unexpected system termination or corrupted kernel memory.” The company also mentioned that it addressed the problem using improved memory management.
The defect was fixed with the iOS 13.5 release. However, phones running an earlier iOS version could still be exploited.
There are no details on whether the vulnerability was exploited in the wild before it was fixed by Apple. However, Beer noted in his post that at least one exploit vendor was aware of the bug in May.