A Google Project Zero security researcher has found a vulnerability in iOS that allowed him to take over any iPhone nearby with virtually no interaction from the victim.
The worst kind of vulnerability is one that lets attackers take over a device or software with no input from the victim. Less severe vulnerabilities usually require some action from the victim, but with the exploit that security researcher Ian Beer discovered, everything was entirely invisible.
“This entire exploit uses just a single memory corruption vulnerability to compromise the flagship iPhone 11 Pro device,” said Beer. “With just this one issue I was able to defeat all the mitigations in order to remotely gain native code execution and kernel memory read and write.”
The good news, if there is any, is that the researcher needed six months of work to build the exploit. But he says we should look at this the other way around: it took one person just six months to fully compromise a widely used and relatively secure device.
The vulnerability was fixed in an iOS update in May, and the researcher has only now published the details; he explains that some mitigations are possible. But he also points out that there is still room to maneuver because of old legacy code that lingers on and is still in use.
“A long-term strategy and plan for how to modernize the enormous amount of critical legacy code that forms the core of iOS,” the security researcher also said. “Yes, I’m looking at you vm_map.c, originally written in 1985 and still in use today!”
An exhaustive and very technical paper is available on the Google Project Zero website.