Data Security

Hack Iphone, Access Camera, Passwords In Few Minutes

Vulnerability which is most dangerous for any software or application. If vulnerability becomes more vulnerable to mobiles phone, it can lead to access your password, contacts and even your mobile camera. Recent vulnerability was found on iPhone as part of a joint vulnerability research project of Samuel Groß and Natalie Silvanovich at Google project Zero and reported to Apple on July 29 2019, followed by the POC exploit on August 9, 2019. The vulnerability was mitigated in iOS 12.4.1 with the fixed in iOS 13.2, released on October 28 2019.

This vulnerability is iPhone “0-Click” vulnerability which does not require user interaction for compromising security in IPhone. According to researcher of international institute of cyber security, many cyber researcher are working on to find “0 click” vulnerabilities as Apple has announced one million dollar bug bounty for such vulnerabilities and Security researcher are using apple IOS images for bug bounty testing and apple is against the company for providing IOS virtual images.

Samuel Groß has described on their Google Project Zero Blog, where first blog consist of how iMessage was exploited with memory corruption vulnerability. You can check whole technical specification of the vulnerability here.

In second version of blog, it shows how remotely ASLR (Address Space Layout Randomization) was bypassed. For second blog details, here.

In third version, shows how calculator app was popped up remotely using this vulnerability. Also it demonstrated the bypassing of sandbox environment.

Comments
To Top

Pin It on Pinterest

Share This