In a matter of minutes, a researcher remotely hacked an iPhone knowing only the target's Apple ID and exploiting a single vulnerability, CVE-2019-8641, gaining access to the user's accounts and passwords on the device and activating the camera.
Software vulnerabilities that can compromise a system without any user intervention (for example, without the victim clicking a malicious link) are of great interest to security researchers. The experts at Google Project Zero, who have spent the past few months studying this problem, are no exception.
On Thursday, January 9, Google Project Zero security researcher Samuel Gross demonstrated how, in just a few minutes and knowing only the target's Apple ID, he could remotely hack an iPhone, read its passwords, messages and email, and activate the camera and microphone.
“All of this is possible without any user interaction (e.g. opening a URL sent by an attacker) or visual indicator (e.g. notifications) being displayed to the user. The attack exploits a single vulnerability, CVE-2019-8641, to first bypass ASLR, then execute code on the target device outside of the sandbox,” writes Samuel Gross.
The researcher described his attack in three separate articles on the Google Project Zero blog. The first gives the technical details of the vulnerability, the second describes how to bypass ASLR remotely, and the third explains how to achieve remote code execution on the attacked device outside of the sandbox.
In the attack, Gross exploited a single vulnerability in iOS 12.4 (CVE-2019-8641), which Apple fixed in August of last year with the release of iOS 12.4.1. Using it, he bypassed ASLR, a mitigation designed to make certain classes of vulnerabilities harder to exploit.
ASLR randomizes where important structures (the executable image, loaded libraries, heaps and stacks) are placed in a process's address space, so that an attacker cannot rely on fixed addresses. The attack Gross demonstrated, however, casts doubt on how effective ASLR is against a remote attacker in practice.
“This research was mainly motivated by the following question: is it possible, using a single remote memory corruption vulnerability, to achieve remote code execution on an iPhone without using other vulnerabilities and without any user interaction? This series of publications shows that yes, it is indeed possible,” Gross said.
A key insight of this research is that ASLR, which in theory should offer strong protection in this attack scenario, is not nearly as strong in practice.
Overall, life online is getting more dangerous: just recently, another researcher demonstrated that TikTok accounts could be attacked via SMS.
Take care of yourself, practice good information hygiene, and use Gridinsoft 🙂