Google's team of security analysts, Project Zero, first published a report flagging the flaw, termed an unauthenticated kernel memory corruption vulnerability.
A bug in the kernel of Apple's iOS operating system that could have exposed iPhone users to a serious security breach was fixed by the company earlier this year. The vulnerability, reported by researchers on Google's Project Zero team, would have let an attacker take complete control of any iPhone within Wi-Fi range without any interaction from its user. Apple fixed the issue with the release of iOS 13.5 in May.
Project Zero researcher Ian Beer published a blog post detailing the vulnerability, together with a proof-of-concept exploit he built to demonstrate the weakness.
Beer developed several attacks to explore the flaw; the most advanced was a wormable radio-proximity exploit that gave him complete remote control of an iPhone 11 Pro. The exploit was run from a Raspberry Pi, an off-the-shelf Wi-Fi adapter and a laptop.
In the blog post, Beer wrote that the attack let him view every photo, read private messages and emails, copy the user's data and monitor everything happening on the device in real time. The root cause was a buffer overflow in the kernel driver for AWDL (Apple Wireless Direct Link), Apple's proprietary mesh networking protocol. Because the AWDL driver runs inside the kernel, corrupting its memory over the air gives an attacker kernel-level, and therefore complete, control of the device.
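To make the bug class concrete, here is an added example in C (not Apple's code and not taken from Beer's write-up): a toy TLV (type, length, value) parser of the kind a wireless driver uses to pull records out of a received frame, shown once with an unbounded copy into a fixed-size buffer and once with the destination bound checked. The frame layout, the 16-byte value buffer, the adjacent "flags" field and all function names are assumptions for illustration only; the crafted length is deliberately kept within the enclosing object so the program demonstrates the corruption without crashing.

```c
#include <stdint.h>
#include <stddef.h>
#include <stdio.h>
#include <string.h>

/* Assumed record layout: 1-byte type, 2-byte little-endian length, value. */
#define TLV_HDR_LEN 3
#define VALUE_MAX   16   /* capacity of the inline value buffer (assumed) */
#define FLAGS_OFF   16   /* a field that sits right after the buffer (assumed) */
#define OBJ_SIZE    24   /* simplified "kernel object": value[16] + flags[4] + pad[4] */

/* Parse the TLV header. Returns 0 on success, -1 if the frame is too short
 * or the declared length runs past the end of the received frame. */
static int tlv_header(const uint8_t *frame, size_t frame_len,
                      uint8_t *type, uint16_t *len)
{
    if (frame_len < TLV_HDR_LEN)
        return -1;
    *type = frame[0];
    *len = (uint16_t)(frame[1] | ((uint16_t)frame[2] << 8));
    if ((size_t)*len > frame_len - TLV_HDR_LEN)   /* source bound only */
        return -1;
    return 0;
}

/* VULNERABLE: the attacker-controlled length is checked against the frame
 * it came from, but never against the 16-byte destination buffer. */
int parse_tlv_vulnerable(const uint8_t *frame, size_t frame_len, uint8_t *obj)
{
    uint8_t type; uint16_t len;
    if (tlv_header(frame, frame_len, &type, &len) != 0)
        return -1;
    memcpy(obj, frame + TLV_HDR_LEN, len);   /* BUG: len may exceed VALUE_MAX */
    return len;
}

/* HARDENED: the destination capacity is checked before the copy. */
int parse_tlv_hardened(const uint8_t *frame, size_t frame_len,
                       uint8_t *obj, size_t value_max)
{
    uint8_t type; uint16_t len;
    if (tlv_header(frame, frame_len, &type, &len) != 0)
        return -1;
    if ((size_t)len > value_max)             /* the missing bound */
        return -1;
    memcpy(obj, frame + TLV_HDR_LEN, len);
    return len;
}

/* Constructed input: one TLV of type 0x04 carrying value_len bytes of 0x41. */
static size_t build_frame(uint8_t *out, size_t out_cap, uint16_t value_len)
{
    if (out_cap < TLV_HDR_LEN + (size_t)value_len)
        return 0;
    out[0] = 0x04;
    out[1] = (uint8_t)(value_len & 0xff);
    out[2] = (uint8_t)(value_len >> 8);
    memset(out + TLV_HDR_LEN, 0x41, value_len);
    return TLV_HDR_LEN + value_len;
}

static void init_obj(uint8_t *obj)
{
    uint32_t flags = 0x00000001u;           /* "untouched" marker */
    memset(obj, 0, OBJ_SIZE);
    memcpy(obj + FLAGS_OFF, &flags, sizeof flags);
}

static uint32_t read_flags(const uint8_t *obj)
{
    uint32_t f;
    memcpy(&f, obj + FLAGS_OFF, sizeof f);
    return f;
}

/* Feed a 20-byte value (4 bytes longer than the buffer) to the vulnerable
 * parser and return the flags field afterwards: 0x41414141 shows the
 * adjacent field was overwritten by attacker-controlled bytes. */
uint32_t flags_after_vulnerable(void)
{
    uint8_t obj[OBJ_SIZE], frame[TLV_HDR_LEN + 20];
    init_obj(obj);
    size_t n = build_frame(frame, sizeof frame, 20);
    parse_tlv_vulnerable(frame, n, obj);
    return read_flags(obj);
}

/* Same experiment against the hardened parser; rc is -1 when it refuses. */
static uint32_t run_hardened(uint16_t value_len, int *rc)
{
    uint8_t obj[OBJ_SIZE], frame[TLV_HDR_LEN + 64];
    init_obj(obj);
    size_t n = build_frame(frame, sizeof frame, value_len);
    *rc = parse_tlv_hardened(frame, n, obj, VALUE_MAX);
    return read_flags(obj);
}

int hardened_rc(uint16_t value_len) { int rc; run_hardened(value_len, &rc); return rc; }
uint32_t flags_after_hardened(uint16_t value_len) { int rc; return run_hardened(value_len, &rc); }

int main(void)
{
    printf("vulnerable, 20-byte value: flags=0x%08x\n", flags_after_vulnerable());
    printf("hardened,   20-byte value: rc=%d flags=0x%08x\n", hardened_rc(20), flags_after_hardened(20));
    printf("hardened,    5-byte value: rc=%d flags=0x%08x\n", hardened_rc(5), flags_after_hardened(5));
    return 0;
}
```

The point of the two parsers is that both validate the length against the frame they received, which is the check most parsers remember; only the hardened one also validates it against the buffer it writes into. In a real kernel object the bytes past the buffer would be pointers, lengths or reference counts rather than a demo flags word, which is what turns an over-the-air overflow into code execution.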
The post also points out that an attacker can remotely switch AWDL on even on a locked device, as long as the device has been unlocked at least once since it was powered on. The vulnerability is also wormable: a compromised iPhone can in turn attack other iPhones that come within radio range of it.
Apple acknowledged the vulnerability reported by Beer on its security updates page, stating that a remote attacker could cause "unexpected system termination" or "corrupt kernel memory", and that the issue was addressed with improved memory management. Although the flaw is fixed in iOS 13.5, handsets still running an earlier version of iOS, or on which the update has not been installed, remain vulnerable to the attack.
Although there is no evidence that the flaw was exploited in the wild before Apple fixed it, Beer noted in his post that at least one exploit seller appeared to be aware of the kernel bug.