iOS Exploit Allows 'Unfettered Access' to iPhone User Data Over Wi-Fi
2020-12-02 12:59

Google Project Zero has disclosed the details of an iOS exploit that allows an attacker to hack iPhones remotely over Wi-Fi and steal sensitive data, without any user interaction.

According to Project Zero researcher Beer, the exploit leverages a single memory corruption vulnerability that can be used against an iPhone 11 Pro device to bypass mitigations and achieve native code execution and kernel memory reading and writing.

Because the exploit requires AWDL to be enabled, the researcher used a technique involving Bluetooth Low Energy advertisements to force the targeted device to enable AWDL, without any user interaction and without the attacker needing much information about the targeted device.

Beer's exploit leveraged a buffer overflow vulnerability in AWDL to remotely gain access to a device and execute an implant as root.

Beer said Apple patched the vulnerability before the launch of its COVID-19 contact tracing system in iOS 13.5 in May. Apple pointed out that the vast majority of iOS users keep their devices up to date, so they should no longer be vulnerable to attacks.


News URL

http://feedproxy.google.com/~r/Securityweek/~3/A-sL_j_yuy0/google-details-iphone-zero-click-exploit-allowing-theft-user-data