A ‘Magical Bug’ Exposed Any iPhone in a Hacker's Wi-Fi Range

A hack that let an attacker take full remote control of iPhones without user interaction is bad enough. One that can also then spread automatically from one iPhone to the next is practically unheard of. But a report published this week by Ian Beer of Google's Project Zero bug-hunting team lays out a sinister yet elegant roadmap for how an attacker could have done just that before Apple released fixes in May.


Beer's entire attack stems from a simple, well-known type of vulnerability—a memory corruption bug—in the iOS kernel, the privileged core of an operating system that can access and control pretty much everything. The genius of the attack, though, is that the bug was exploitable through an iPhone's Wi-Fi features, meaning that an attacker just needed some antennas and adapters to launch the assault whenever they chose, compromising any nearby iOS device.


"It’s very interesting research and super unique as well," says Will Strafach, a longtime iOS researcher and creator of the Guardian Firewall app for iOS. "Close access network attacks like this aren’t something you hear about every day."

The vulnerability, which Apple patched back in May, involved a flaw in one of the kernel drivers for Apple Wireless Direct Link, the proprietary mesh networking protocol Apple uses to offer slick over-the-air features like AirDrop and Sidecar. AWDL is built on industry Wi-Fi st ..
