Google Security Researcher Develops 'Zero-Click' Exploit for iOS Flaw

A newly patched memory corruption vulnerability in Apple's AWDL protocol can be used to take over iOS devices that are in close physical proximity to an attacker.

Google Project Zero security researcher Ian Beer has developed an exploit showing how an attacker can take complete control over nearby iPhone devices without any user interaction.


The zero-click exploit takes advantage of a now-patched memory corruption issue in iOS and gives attackers a way to force any iOS device within radio range of the attacker to reboot. An adversary can use the exploit to view photos, read email, copy private messages, drop malware, and monitor everything that happens on a victim's iOS device in real time, Beer said in a technical paper this week.


According to Beer, the vulnerability his exploit takes advantage of lies in Apple Wireless Device Link (AWDL), a peer-to-peer wireless connectivity protocol that iOS devices use to communicate with each other.


Beer discovered the vulnerability (CVE-2020-3843) in November 2019 and reported it to Apple, which addressed the issue with its release of iOS 13.3.1. At the time, Apple described the issue as enabling an adversary to shut off or reboot systems or to corrupt kernel memory. Apple addressed ..