Hack iPhone with only one vulnerability

With just the Apple ID, you can remotely hack your iPhone, access passwords and activate the camera in a few minutes.

Vulnerabilities in software that could compromise a system without user intervention (for example, without clicking on a malicious link by the victim) are of great interest to security researchers. Experts from Google Project Zero, who have devoted the study of this issue over the past few months, are no exception.

On Thursday, January 9, security researcher Samuel Gross of Google Project Zero demonstrated how to use an Apple ID to hack an iPhone remotely in a few minutes, access passwords, messages, email and activate the camera with a microphone.

The researcher described his attack method in three separate articles on the Google Project Zero blog. The first provides technical details about the vulnerability, the second describes how to hack ASLR, and the third explains how to remotely execute code on an attacked device bypassing the sandbox.

During the attack, Gross exploited the only vulnerability in iOS 12.4 (CVE-2019-8641), fixed by Apple in August last year with the release of iOS 12.4.1. With its help, he circumvented ASLR technology, designed to complicate the operation of certain types of vulnerabilities. ASLR provides for changing the location in the process address space of important data structures (executable file images, loaded libraries, heaps and stacks). However, the attack demonstrated by Gross casts doubt on the effectiveness of ASLR.

“The study was mainly motivated by the following question: is it possible to use remote vulnerability for memory corruption to achieve remote code execution on iPhone without using other vulnerabilities and without any user interaction? A series of publications on this blog proves that yes, it is indeed possible, ”Gross said.

  • ru
  • en