
Visiting a website suffices: hackers got almost unhindered access to iPhones and iPads

Posted by agaran at 2020-03-29

At the beginning of the year, Google found several security holes in iOS that were being actively exploited on almost all operating system versions and iPhone generations. This could be the largest malware attack on Apple's iOS devices to date. Visiting an infected website was enough for the attackers to gain almost unhindered access to the device and to user data. Google reported the security holes on 1. The remaining holes were closed by Apple seven days later with iOS 12.1.4.

Most of the holes were used to steal files and to locate the devices; some of the malware sent the user's location to the attackers every minute. The malware is also said to have read the user's keychain, in which all stored usernames and passwords for services are kept. It has not yet become public whether such records have already been offered for sale.

All the attacks probably had in common that they could not survive a restart of the device; after a reboot the device is clean again until the user visits an infected website once more. It is not known which websites delivered the malicious code, or still actively deliver it, but according to Google they are said to be highly frequented sites.

Five vulnerabilities in total

Project Zero has identified five different attack chains. The first two vulnerabilities are kernel holes: the first exploits a flaw in the graphics driver, the second an IOKit bug. Both only work on iOS 10; iOS 11 reliably fixes the weaknesses.

The third weakness works up to iOS 11.4 and up to the iPhone X, and is a far more embarrassing one: in the library responsible for inter-process communication ("libxpc"), a security check was almost completely disabled with iOS 11. Instead of checking whether an access lies within a memory region, the code only checked whether the access began exactly at the end of the region. In its bug description, Google also wonders how such a flaw in such a security-critical component could have passed Apple's internal tests.
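To make the described check failure concrete, here is an added illustration in C. It is not libxpc's code and does not reproduce Apple's data structures; the `region_t` type, the two check functions and the 16-byte sample region are assumptions constructed for this example. It places the flawed pattern the article describes (rejecting only an access that starts exactly at the end) beside a proper range check that also guards against integer wraparound in `offset + len`.

```c
#include <stdbool.h>
#include <stddef.h>
#include <stdint.h>
#include <stdio.h>

/* Illustrative only: a buffer plus its length, standing in for any
 * serialized message region. Not libxpc's actual structures. */
typedef struct {
    const uint8_t *data;
    size_t size;
} region_t;

/* The flawed pattern the article describes: the only thing rejected is an
 * access that starts exactly at the end of the region. Any other
 * out-of-range offset, including one far past the end, is allowed. */
bool access_ok_flawed(const region_t *r, size_t offset, size_t len)
{
    (void)len;  /* the length is never consulted */
    return offset != r->size;
}

/* A correct range check: the whole access [offset, offset + len) must lie
 * inside [0, size). Written so that no addition can wrap: offset is first
 * bounded by size, then len is compared against the remaining space. */
bool access_ok_checked(const region_t *r, size_t offset, size_t len)
{
    if (offset > r->size)
        return false;
    if (len > r->size - offset)
        return false;
    return true;
}

/* Constructed 16-byte sample region used by the helpers below. */
static const uint8_t sample_buf[16] = {0};

bool flawed_allows(size_t offset, size_t len)
{
    region_t r = { sample_buf, sizeof sample_buf };
    return access_ok_flawed(&r, offset, len);
}

bool checked_allows(size_t offset, size_t len)
{
    region_t r = { sample_buf, sizeof sample_buf };
    return access_ok_checked(&r, offset, len);
}

int main(void)
{
    struct { size_t off, len; const char *note; } cases[] = {
        { 0, 16,       "whole region: valid" },
        { 16, 1,       "starts at the end: both checks reject" },
        { 17, 1,       "one past the end: only the real check rejects" },
        { 8, 16,       "starts inside, runs past the end" },
        { 4, SIZE_MAX, "length that would wrap a naive offset + len" },
    };
    for (size_t i = 0; i < sizeof cases / sizeof cases[0]; i++) {
        printf("offset=%zu len=%zu flawed=%d checked=%d  (%s)\n",
               cases[i].off, cases[i].len,
               (int)flawed_allows(cases[i].off, cases[i].len),
               (int)checked_allows(cases[i].off, cases[i].len),
               cases[i].note);
    }
    return 0;
}
```

Running it shows that the flawed check rejects exactly one offset and waves everything else through, while the range check rejects every access that touches bytes outside the region. The design point for reviewers of such code is that a bounds check must constrain both ends of the access and must be written so the arithmetic cannot overflow.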

Security holes 4 and 5 work up to iOS 12.1 on all iPhone models. Hole number 4 also exploits a missing security check in inter-process communication, which makes it possible to move memory blocks even though they do not belong to the running process at all. Weakness number 5 stems from a failed experiment that Apple apparently carried out during the development of iOS 8: for unknown reasons, code from an unfinished implementation, which never worked, remained in the final releases and shipped with them. Apple probably overlooked this and never covered it in security testing; otherwise the weakness exploited here in the unfinished code would have come to light quickly.