Apple recently fixed a massive security issue in iOS that could have allowed hackers to remotely exploit it and take full control of iPhones and iPads. The issue impacted Apple Wireless Direct Link (AWDL), a proprietary mesh networking protocol used by Apple for AirDrop and Sidecar. Apple fixed the exploit in May 2020 after it was reported by a Google Project Zero security researcher, and there is no evidence that it was exploited in the wild by hackers.
Ian Beer, a security researcher with Google Project Zero, spent 6 months figuring out the exploit and demonstrating it before reporting it to Apple. The exploit could be used to remotely gain root access to an iPhone or iPad and reach its features and data, such as messages, photos, microphone, camera, and the like. In the worst-case scenario, this left all the data on a hacked device accessible to the attacker.
This flaw was fixed in the following operating system updates by Apple:
- iOS 12.4.7
- iOS 13.5
- iPadOS 13.5
- watchOS 5.3.7
- macOS Catalina 10.15.5, Security Update 2020-003 Mojave, Security Update 2020-003 High Sierra
Ian Beer explained the security vulnerability as follows:
Of course, an iPhone isn’t designed to allow people to build capabilities like this. So what went so wrong that it was possible? Unfortunately, it’s the same old story. A fairly trivial buffer overflow programming error in C++ code in the kernel parsing untrusted data, exposed to remote attackers.
In fact, this entire exploit uses just a single memory corruption vulnerability to compromise the flagship iPhone 11 Pro device. With just this one issue I was able to defeat all the mitigations in order to remotely gain native code execution and kernel memory read and write.
You can check out a demo of the AWDL security exploit below, and read the detailed article on the Google Project Zero blog. Make sure to grab a cup of coffee; it's a lengthy article.