When we connect our computers to the network, on many occasions we can run into problems that put our security at risk. There may be vulnerabilities that are exploited by attackers to access systems and collect information. In this article we report on a bug that has been discovered that allows an attacker to use a Wi-Fi exploit to control a nearby iOS device.
An exploit allows controlling iOS devices over Wi-Fi
Cybersecurity researcher Ian Beer from Google Project Zero has uncovered the details of a critical iOS bug that could be exploited and allow a remote attacker to have complete access and control of a nearby device over Wi-Fi.
This exploit allows you to view all the images stored on the device, read email, copy any private messages, as well as monitor all usage in real time. It is undoubtedly a serious problem that puts the privacy and security of users at risk.
Luckily, this vulnerability has been patched , so users who have updated the device to the latest version should not have problems. The security flaw has been logged as CVE-2020-9844 . As soon as it was discovered, it was brought to the attention of Apple to correct the error.
This failure is caused by a buffer overflow programming error in a Wi-Fi controller associated with Apple Wireless Direct Link . It is a proprietary mesh network protocol that Apple uses in AirDrop, AirPlay, and others. This makes communications easier between Apple devices.
Basically we can say that this exploit is based on the existing configuration in devices like iPhone 11 Pro and other adapters to achieve arbitrary reading and writing of kernel memory remotely. This allows shellcode payloads to be injected into kernel memory.
There is no evidence that this security flaw has been exploited. It should also be mentioned that it is not the first time that a failure of this type has been discovered that affects Apple’s AWDL protocol.
Man-in-The-Middle Attacks
These types of vulnerabilities can lead to Man-in-The-Middle attacks to control devices and collect information that is sent or received wirelessly. We already know that our data on the web has great value and many hackers are constantly looking for ways to exploit flaws to compromise privacy.
We have seen that in the case of this vulnerability there is already a patch available. It is very important that we always have the latest updates available and thus be able to correct these types of security flaws that may be present in all types of equipment.
When we talk about bugs that can be exploited remotely, the danger increases. Nowadays it is very common to have very varied devices with access to the network. Wi-Fi connectivity has gained importance in recent years, and that also opens a door for cybercriminals to carry out attacks with the aim of stealing information.