The screen on the iPhone 12 Pro Max

Enlarge / That’s a lot of screen. (credit: Samuel Axon)

Earlier this year, Apple patched one of the most breathtaking iPhone vulnerabilities ever: a memory corruption bug in the iOS kernel that gave attackers remote access to the entire device—over Wi-Fi, with no user interaction required at all. Oh, and exploits were wormable—meaning radio-proximity exploits could spread from one nearby device to another, once again, with no user interaction needed.

This Wi-Fi packet of death exploit was devised by Ian Beer, a researcher at Project Zero, Google’s vulnerability research arm. In a 30,000-word post published on Tuesday afternoon, Beer described the vulnerability and the proof-of-concept exploit he spent six months developing single-handedly. Almost immediately, fellow security researchers took notice.

Beware of dodgy Wi-Fi packets

“This is a fantastic piece of work,” Chris Evans, a semi-retired security researcher and executive and the founder of Project Zero, said in an interview. “It really is pretty serious. The fact you don’t have to really interact with your phone for this to be set off on you is really quite scary. This attack is just you’re walking along, the phone is in your pocket, and over Wi-Fi someone just worms in with some dodgy Wi-Fi packets.”

Read 6 remaining paragraphs | Comments

Translate »
Legal Notice: Views expressed in articles published in www.ebusinessbrief.com are those of the authors and www.ebusinessbrief.com or its owners take no responsibility regarding the same. Advertisements in www.ebusinessbrief.com are published for information of the subscribers. www.ebusinessbrief.com does not authenticate, endorse or guarantee any of the products or services or claims made by the Advertisers. Readers are advised to themselves verify the details. No part of this publication may be reproduced by any means without prior written permission from the Editor. Permission is normally granted wherever sufficient acknowledgement is given to www.ebusinessbrief.com.