“Typically, they require some user interaction, such as installing a malicious application. “This makes the vulnerability different from a lot of other mobile issues,” says security researcher Sean Wright. One of the biggest concerns about the Apple iPhone vulnerability reported by Google is that it doesn’t require any interaction from the user to exploit. How bad is the vulnerability and how can I protect my iPhone?
This should make similar exploits “significantly harder,” from now on, he said.
#MALICIOUS WIFISPOOF HACKED IPHONE 6 2016 CODE#
Remote code execution could be achieved through abuse of the “Receipts” feature that lets people know their iMessages have been delivered.Īs a result of the research, Groß has recommended new security measures to Apple, some of which the iPhone maker has already implemented. He demonstrated how an attacker could set up a side communications channel to interact with a user’s device. In the blog, Groß showed how a data randomising security feature called ASLR, which is meant to protect against exploits, is “not as strong in practice.” The video of Groß’s talk is available for those of you who like a visual accompaniment. It’s part of a three part series, which the more technical among you might enjoy delving into. The Google Project Zero blog reveals more details about Groß’s research, which was first unveiled at a hacking conference in December. What does Google’s blog tell us about the iPhone hack? The targeted individuals, ZecOps said, have so far included "individuals from a Fortune 500 organization in North America, an executive from a carrier in Japan, a VIP from Germany, MSSPs from Saudi Arabia and Israel, a journalist in Europe" and perhaps "an executive from a Swiss enterprise.Also in July, a vulnerability was discovered that could enable an attacker to read the files on an iPhone without having physical access to it. "It is possible that the attacker(s) were using this vulnerability even earlier," ZecOps said. ZecOps said the attacks date back at least to January 2018, when iPhones running iOS 11.2.2 were successfully attacked. In either situation, the attackers often remotely delete the email messages so that the targets won't see them on their devices. In iOS 12 and earlier, it's easier to make the phone run out of RAM, but the iPhone's user must open the malicious message for the exploit to work, and the Mail app may then crash. The result is that iOS 13 can be hacked as soon as an iPhone receives the malicious email message, and the phone will continue to function normally. That's because iOS 13 handles the back-end process of email processing in a different way. Surprisingly, iOS 13 is arguably even more at risk from these attacks than older versions of iOS. However, the attack does not work on third-party email apps such as Gmail or Outlook. Running out of memoryĮating up memory is not that hard to do on older iPhones that don't have a lot of RAM - for instance, 2017's iPhone X has only 3GB - but all models are vulnerable. And just because Apple has no evidence of attacks involving these flaws doesn't mean they didn't happen. As we saw above, the initial research report mentioned two other bugs necessary for the Mail hack to work. That doesn't totally contradict what ZecOps said. Apple goes on to say that the flaws ZecOps found "are insufficient to bypass iPhone and iPad security procedures," and that "we have found no evidence they were used against customers."
0 kommentar(er)
