Security News > 2020 > December > Google Hacker Details Zero-Click 'Wormable' Wi-Fi Exploit to Hack iPhones

Google Project Zero white-hat hacker Ian Beer on Tuesday disclosed details of a now-patched critical "Wormable" iOS bug that could have made it possible for a remote attacker to gain complete control of any device in the vicinity over Wi-Fi. The exploit makes it possible to "View all the photos, read all the email, copy all the private messages and monitor everything which happens on [the device] in real-time," said Beer in a lengthy blog post detailing his six-month-long efforts into building a proof-of-concept single-handedly.

"A remote attacker may be able to cause unexpected system termination or corrupt kernel memory," the iPhone maker noted in its advisory, adding the "Memory corruption issue was addressed with improved input validation."

In a nutshell, the zero-click exploit uses a setup consisting of an iPhone 11 Pro, Raspberry Pi, and two different Wi-Fi adaptors to achieve arbitrary kernel memory read and write remotely, leveraging it to inject shellcode payloads into the kernel memory via a victim process, and escape the process' sandbox protections to get hold of user data.

In a separate development, Synacktiv shared more details about CVE-2020-27950, one of the three actively exploited flaws that were patched by Apple last month following a report from Google Project Zero.

While the disclosures were short on details, the vulnerabilities were the result of a memory corruption issue in the FontParser library that allowed for remote code execution, a memory leak that granted a malicious application kernel privileges to run arbitrary code, and a type confusion in the kernel.

News URL

http://feedproxy.google.com/~r/TheHackersNews/~3/Hq84swpKneM/google-hacker-details-zero-click.html