How a nightmare wormable, wireless, automatic hijack-a-nearby-iPhone security flaw was found and fixed

2020-12-03 08:26

A Google security guru has published details of a critical hole in Apple's iOS that can be exploited by miscreants to hijack strangers' iPhones over the air without any user interaction.

On Tuesday, Google Project Zero's Ian Beer, who reported the flaw to Apple back on November 29, 2019, published a detailed technical account of how he found and developed an exploit the vulnerability, which he likened to a magic spell to gain remote control of the target device.

Amid the COVID-19 virus lockdown, Beer said he spent six months in his bedroom working on "a wormable radio-proximity exploit which allows me to gain complete control over any iPhone in my vicinity."

Beer said he found no evidence that the flaw was ever exploited in the wild.

He pointed out that companies known to provide tools to help governments bypass device security have been paying attention to these sorts of wireless vulnerabilities, and may have the flaw in their arsenals.

News URL

https://go.theregister.com/feed/www.theregister.com/2020/12/03/apple_wireless_bug/

#iphone #security #wireless