Every iPhone On Planet Earth Is At Risk Of Being Pwned… And Apple May Have Known About This For Years

Apple seriously has some explaining to do now that it’s come to light that every iPhone on Earth (which is about 1.4 billion of them if you believe Apple’s numbers) is at risk of being pwned by hackers. As reported by AppleInsider, security firm Check Point has revealed it has found a way to hack every iPhone and iPad running iOS 8 right up to betas of iOS 13:

Speaking at Def Con 2019, the company showed the technique being used to manipulate Apple’s iOS Contacts app. Searching the Contacts app under these circumstances can be enough to make the device run malicious code.

“SQLite is the most wide-spread database engine in the world,” said the company in a statement. “It is available in every operating system, desktop and mobile phone. Windows 10, macOS, iOS, Chrome, Safari, Firefox and Android are popular users of SQLite.”

“In short, we can gain control over anyone who queries our SQLite-controlled database,” they continued.

When you search for a contact or look up information in any app, you are really searching a database and very commonly that will be using SQLite.

And here’s the worst part:

Documented in a 4,000-word report seen by AppleInsider, the company’s hack involved replacing one part of Apple’s Contacts app and it also relied on a known bug that hasn’t been fixed four years after it was discovered.

“Wait, what? How come a four-year-old bug has never been fixed?” write the researchers in their document. “This feature was only ever considered vulnerable in the context of a program that allows arbitrary SQL from an untrusted source and so it was mitigated accordingly. However, SQLite usage is so versatile that we can actually still trigger it in many scenarios.”

In other words, the bug has been considered unimportant because it was believed it could only be triggered by an unknown application accessing the database, and in a closed system like iOS, there are no unknown apps. However, Check Point’s researchers then managed to make a trusted app send the code to trigger this bug and exploit it.

Wow. Apple has failed to fix this bug for four years, which means that it could have been exploited long before it was discovered by Check Point. Even if it hasn’t, you’d think that Apple would have fixed it long before now. Well, they have no choice but to fix it now, seeing as it’s public information and those who play on the dark side of things are now going to come up with attacks that leverage this. Thus, expect a fix to be out very quickly. Though I would much rather hear an explanation from Apple as to why they didn’t address this much earlier.
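
The researchers' point that a trusted app can be turned against itself by the database it queries suggests treating a SQLite file as untrusted input. The following is an added example, not code from Check Point, AppleInsider or Apple: it assumes a hypothetical app that expects a single `contacts` table, and that a swapped-in file could carry views, triggers or virtual tables, which SQLite evaluates inside the querying app. All names and the sample files are constructed for illustration.

```python
import os
import sqlite3
import tempfile

EXPECTED_TABLES = {"contacts"}  # assumed allow-list for a hypothetical app

def audit_schema(conn, expected=EXPECTED_TABLES):
    """List schema objects in the file that the app did not expect."""
    findings = []
    for kind, name, sql in conn.execute("SELECT type, name, sql FROM sqlite_master"):
        if name.startswith("sqlite_"):
            continue  # SQLite's own bookkeeping objects
        virtual = kind == "table" and (sql or "").upper().startswith("CREATE VIRTUAL")
        if kind in ("view", "trigger") or virtual or (kind == "table" and name not in expected):
            findings.append((kind, name))
    return sorted(findings)

def open_untrusted(path, expected=EXPECTED_TABLES):
    """Open read-only, refuse unexpected schema, then restrict statements."""
    conn = sqlite3.connect("file:" + path + "?mode=ro", uri=True)
    findings = audit_schema(conn, expected)
    if findings:
        conn.close()
        raise ValueError("unexpected schema objects: %r" % findings)
    def authorizer(action, arg1, arg2, dbname, source):
        # Allow plain SELECTs that read the expected tables; deny all else.
        if action == sqlite3.SQLITE_SELECT:
            return sqlite3.SQLITE_OK
        if action == sqlite3.SQLITE_READ and arg1 in expected:
            return sqlite3.SQLITE_OK
        return sqlite3.SQLITE_DENY
    conn.set_authorizer(authorizer)
    return conn

def build_sample(tampered):
    """Constructed sample file; the tampered one swaps the table for a view."""
    fd, path = tempfile.mkstemp(suffix=".db")
    os.close(fd)
    conn = sqlite3.connect(path)
    if tampered:
        conn.execute("CREATE TABLE real_data (name TEXT)")
        conn.execute("CREATE VIEW contacts AS SELECT name FROM real_data")
    else:
        conn.execute("CREATE TABLE contacts (name TEXT)")
        conn.execute("INSERT INTO contacts VALUES ('alice')")
    conn.commit()
    conn.close()
    return path
```

Because the authorizer denies function calls as well, a real app would extend the allow-list with the specific SQL functions its own queries use.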
