iOS Bug Makes It Possible For A Remote Hacker To Hack Through Nearby Wi-Fi

Google Project Zero white-hat hacker Ian Beer on Tuesday revealed details of a patched severe iOS bug

03-Dec-2020

Google Project Zero white-hat hacker Ian Beer on Tuesday revealed details of a patched, severe iOS bug that could have made it possible for a remote attacker to gain complete control of any nearby device over Wi-Fi.

In a blog post, Beer stated that the exploit makes it possible to view all photos, read all emails, copy all private messages, and keep track of everything that happens on [the device] at all times.

The vulnerability stems from a fairly small buffer overflow programming error in a Wi-Fi driver associated with Apple Wireless Direct Link (AWDL), a proprietary mesh networking protocol developed by Apple for use in AirDrop and AirPlay, enabling easier communication between Apple devices.

In short, the zero-click exploit uses a setup consisting of an iPhone 11 Pro, a Raspberry Pi, and two different Wi-Fi adaptors to achieve arbitrary kernel memory read and write remotely. It then uses that access to inject shellcode payloads into kernel memory through a victim process and escape the process's sandbox protections to get hold of user information. This is not the first time security defects have been uncovered in Apple's AWDL protocol.

https://youtu.be/ikZTNSmbh00

Synacktiv Details Patched Apple "Memory Leak" Zero-Day

That's not all. By comparing the two kernel binaries associated with iOS 12.4.8 and 12.4.9, Synacktiv researchers were able to understand the cause of the memory leak problem, pointing out that the changes address how the kernel handles Mach messages associated with inter-process communication on Apple devices.