Google Project Zero white-hat hacker Ian Beer on Tuesday revealed details of a patched severe iOS bug
Google Project Zero white-hat hacker Ian Beer on Tuesday revealed details of a patched severe iOS bug that could have made it possible for a remote attacker to gain complete control of any nearby device over Wi-Fi.
Beer stated in a blog post that the exploit makes it possible to view all photos, read all emails, copy all private messages and keep track of everything that happens on [the device] at all times.
The vulnerability stems from a fairly minor buffer overflow programming error in a Wi-Fi driver associated with Apple Wireless Direct Link (AWDL), a proprietary mesh networking protocol developed by Apple for use in AirDrop and AirPlay, enabling easier communication between Apple devices.
In short, the zero-click exploit uses a setup consisting of an iPhone 11 Pro, a Raspberry Pi and two different Wi-Fi adaptors to achieve arbitrary kernel memory read and write remotely, leveraging it to inject shellcode payloads into kernel memory through a victim process and escape the process' sandbox protections to get hold of user information. This is not the first time security defects have been uncovered in Apple's AWDL protocol.
Synacktiv Details Patched Apple "Memory Leak" Zero-Day
That's not all. By comparing the two kernel binaries associated with iOS 12.4.8 and 12.4.9, Synacktiv researchers were able to trace the cause of the memory leak problem, pointing out that the changes address how the kernel handles Mach messages associated with inter-process communication on Apple devices.