Friday, December 6, 2024
HomeCVE/vulnerabilityGoogle Discloses a zero-click Wi-Fi Exploit to Hack iPhone Devices

Google Discloses a zero-click Wi-Fi Exploit to Hack iPhone Devices

Published on

SIEM as a Service

Google Project Zero has disclosed the details of an iOS exploit that allows an attacker to hack iPhones remotely over Wi-Fi and steal sensitive data, with no user interaction.

Researcher Ian Beer from the Google Project Zero team has revealed technical details of a critical “wormable” iOS bug that possibly allowed a remote attacker to obtain control over the device.

Analysis

“The vulnerability stems from a fairly trivial buffer overflow programming error in C++ code in the kernel parsing untrusted data, exposed to remote attackers”, wrote the expert.

- Advertisement - SIEM as a Service

The researcher demonstrated the exploit in a test environment composed of an iPhone 11 Pro, a Raspberry Pi, and two different Wi-Fi adaptors. Beer was able to remotely accomplish arbitrary kernel memory read and write and inject shellcode payloads into the kernel memory bypassing the victims’ defense.

 “A remote attacker may be able to cause unexpected system termination or corrupt kernel memory” reads the security advisory published by Apple. “A double free issue was addressed with improved memory management.”

The flaw, tracked as CVE-2020-3843, is a double free issue that could be exploited makes it possible to access photos and other sensitive data, including email and private messages. Apple addressed the CVE-2020-3843 vulnerability with the release of a series of updates.

Testing

For testing, the expert generated 100 random contacts with four contact identifiers such as home and work email, home and work phone numbers.

The attacker targets the AirDrop BTLE framework to enable the AWDL interface by brute-forcing a contact’s hash value from the list of 100 contacts stored within the device. Then the attacker triggers the buffer overflow to gain access to the device and run a malicious code implant as root achieving full control on the mobile device.

The expert explained that it is not conscious of attacks in the wild exploiting this vulnerability, but he pointed out that exploit vendors seemed to take notice of these fixes.

“I have no evidence that these issues were exploited in the wild; I found them myself through manual reverse engineering. But we do know that exploit vendors seemed to take notice of these fixes” says the expert. 

Technical details about the  flaw

Researchers from security firm Synacktiv published technical details about the CVE-2020-27950 flaw explaining that it had been chained with two other flaws.

“On November 5th, Project Zero announced that Apple has patched in iOS 14.2 a full chain of vulnerabilities that were actively exploited in the wild, composed of 3 vulnerabilities: a userland RCE in FontParser as well as a memory leak (“memory initialization issue”) and a type confusion in the kernel.” reads the analysis published by Synacktiv.

The three vulnerabilities chained in the attack are:

  • A memory corruption issue in the FontParser library that was exploited to achieve remote code execution
  •  A memory leak that granted a malicious application kernel privileges to run arbitrary code
  •  A type of confusion issue in the kernel.

Conclusion

The flaw was addressed by Apple in a series of security updates pushed as part of iOS 13.3.1macOS Catalina 10.15.3, and watchOS 5.3.7 earlier this year. Apple pointed out that a huge majority of iOS users keep their devices up to date so far so that they should not be susceptible to attacks.

You can follow us on LinkedinTwitterFacebook for daily Cybersecurity and hacking news updates.

Also Read

Apple High Severity Bug Allows Attackers to Execute Arbitrary Code on iPhone, iPad, iPod

Apple Dropped A Plan Let iPhone Users Have Fully Encrypt Backups On Their Devices Including WhatsApp Chats

Gurubaran
Gurubaran
Gurubaran is a co-founder of Cyber Security News and GBHackers On Security. He has 10+ years of experience as a Security Consultant, Editor, and Analyst in cybersecurity, technology, and communications.

Latest articles

One Identity Named Winner of the Coveted Top InfoSec Innovator Awards for 2024

One Identity named Hot Company: Privileged Access Management (PAM) in 12th Cyber Defense Magazine’s...

HCL DevOps Deploy / Launch Vulnerability Let Embed arbitrary HTML tags

Recently identified by security researchers, a new vulnerability in HCL DevOps Deploy and HCL...

CISA Warns of Zyxel Firewalls, CyberPanel, North Grid, & ProjectSend Flaws Exploited in Wild

The Cybersecurity and Infrastructure Security Agency (CISA) has issued warnings about several vulnerabilities being...

HackSynth : Autonomous Pentesting Framework For Simulating Cyberattacks

HackSynth is an autonomous penetration testing agent that leverages Large Language Models (LLMs) to...

API Security Webinar

72 Hours to Audit-Ready API Security

APIs present a unique challenge in this landscape, as risk assessment and mitigation are often hindered by incomplete API inventories and insufficient documentation.

Join Vivek Gopalan, VP of Products at Indusface, in this insightful webinar as he unveils a practical framework for discovering, assessing, and addressing open API vulnerabilities within just 72 hours.

Discussion points

API Discovery: Techniques to identify and map your public APIs comprehensively.
Vulnerability Scanning: Best practices for API vulnerability analysis and penetration testing.
Clean Reporting: Steps to generate a clean, audit-ready vulnerability report within 72 hours.

More like this

HCL DevOps Deploy / Launch Vulnerability Let Embed arbitrary HTML tags

Recently identified by security researchers, a new vulnerability in HCL DevOps Deploy and HCL...

CISA Warns of Zyxel Firewalls, CyberPanel, North Grid, & ProjectSend Flaws Exploited in Wild

The Cybersecurity and Infrastructure Security Agency (CISA) has issued warnings about several vulnerabilities being...

Thinkware Cloud APK Vulnerability Allows Code Execution With Elevated Privileges

A critical vulnerability identified as CVE-2024–53614 has been discovered in the Thinkware Cloud APK...