Security News > 2020 > December > How to steal photos off someone’s iPhone from across the street
The exploit sequence he figured out really does allow an attacker to break into a nearby iPhone and steal personal data - using wireless connections only, and with no clicks needed by, or warnings shown to, the innocently occupied user of the device.
To give you an idea of just how much effort went into the 5-minute "Teddy bear's data theft picnic" video above, and as a fair warning if you are thinking of studying Beer's excellent article in detail, bear in mind that his blog post runs to more than 30,000 words - longer than the novel Animal Farm by George Orwell, or A Christmas Carol by Charles Dickens.
As Mozilla rather drily puts it when fixing any memory mismangement flaws in Firefox, even apparently mild or arcane errors that the team couldn't or didn't figure out how to exploit themselves: "Some of these bugs showed evidence of memory corruption and we presume that with enough effort some of these could have been exploited to run arbitrary code."
Beer figured out how to use his initial exploit in an detailed attack chain that could access arbitrary files on the device and steal them.
Make sure you are up to date with security fixes, because the bug at the heart of Beer's attack chain was found and disclosed by him in the first place, so it's already been patched.