A dangerous new iOS security vulnerability that could allow hackers to remotely take over an individual’s iPhone has been revealed by a researcher at Google's Project Zero team.
The vulnerability, which has now been patched, put sensitive corporate information stored on business smartphones at risk, as well as a substantial amount of personal data.
The vulnerability enabled hackers to remotely take control of some iPhones and other iOS devices, allowing them to read messages, view images – essentially, monitor everything taking place – as long as the device was in relatively close proximity.
The exploit, which is explained in painstaking detail here, was discovered by Project Zero researcher Ian Beer and takes advantage of the Apple Wireless Direct Link protocol, which is used to create mesh networks for features like AirDrop and Sidecar.
Taking remote control
Admittedly, it did take Beer six months to exploit the iPhone flaw, but the researcher argues that this shouldn’t give Apple, or any iPhone owners, much cause for comfort.
Plenty of other threat actors will have greater resources and knowledge at their disposal, potentially enabling a faster turnaround. He also theorizes that directional antennas and higher transmission powers could greatly increase the viable range of such attacks.
Apple security updates released earlier this year have now patched the vulnerability in question and users of most recent iOS releases will be protected.
However, although there is no evidence that this iPhone flaw was ever exploited in the wild, the discovery is still a worrying development – particularly for Apple, which prides itself on its security credentials.
Via The Verge