Flaw in iPhone, iPads may have allowed hackers to steal data for years

Flaw in iPhone, iPads may have allowed hackers to steal data for years

Apple Inc plans to fix an error that, according to a security company, has left more than half a billion iPhones vulnerable to hackers.

The bug, which also occurs on iPads, was discovered by Zuk Avraham, chief executive of San Francisco-based forensic mobile security company ZecOps, while investigating an advanced cyber-attack against a customer in late 2019. Avraham said he had found evidence that the vulnerability had been exploited in at least six cybersecurity breaches. An Apple spokesperson acknowledged that there is a vulnerability in Apple’s email software on iPhones and iPads, known as the Mail app, and that the company has developed a solution that will roll out to millions in an upcoming update devices that it has sold worldwide.

Apple declined to comment on Avraham’s investigation, which was released on Wednesday, suggesting that the error could be caused from a distance and that it has already been exploited by hackers against high-profile users. Avraham said he found evidence that a malicious program exploited the vulnerability in Apple’s iOS mobile operating system as early as January 2018. He was unable to identify who the hackers were, and Reuters was unable to independently verify his claim.

To execute the hack, Avraham said the victims would receive a seemingly blank email message through the Mail app, causing a crash and reset. The crash opened the door for hackers to steal other data on the device, such as photos and contact details. ZecOps claims the vulnerability allowed hackers to steal data from iPhones remotely, even if they were using recent versions of iOS. On its own, the error would allow access to everything the Mail app had access to, including confidential messages.

Avraham, a former Israeli defense force security researcher, said he suspected that the hacking technique was part of a series of malicious programs, the rest undiscovered, that could have given an attacker full remote access. Apple declined to comment on that prospect. Avraham based most of his conclusions on data from “crash reports”, which are generated when programs fail on a device in the middle of a task. He was then able to mimic a technique that caused the controlled crashes.

Two independent security researchers who reviewed the discovery of ZecOps found the evidence credible, but said they had not completely mimicked the findings due to time constraints. Patrick Wardle, an Apple security expert and former investigator for the US National Security Agency, said the discovery “confirms what has always been a rather poorly kept secret: that well-equipped opponents can infect fully patched iOS devices remotely and silently. “

Since Apple was not aware of the software bug until recently, it could have been very valuable to governments and contractors offering hacking services. Exploitation programs that work without warning against an up-to-date phone can be worth over $ 1 million. While Apple is largely regarded as a high standard for digital security within the cybersecurity industry, any successful hacking technique against the iPhone can affect millions due to the global popularity of the device. In 2019, Apple said there were approximately 900 million iPhones active.

Bill Marczak, a security researcher at Citizen Lab, a Canada-based academic security research group, called the discovery of vulnerabilities “scary”. & # 39; Often you can take comfort in the fact that hacking is preventable & # 39; says Marczak. & # 39; With this bug, it doesn’t matter if you have a PhD in cybersecurity this will eat your lunch. & # 39;

(This story has not been edited by staff and is automatically generated from a syndicated feed.)

News

Disclaimer: If you need to edit or update this news from compsmag then kindly contact us Learn more

For Latest News Follow us on Google News


Latest Headlines
  • Show all
  • Trending News
  • Popular By week
After the United States, Canada blocks China's Huawei and ZTE from 5G networks
After the United States, Canada blocks China’s Huawei and ZTE from 5G networks
The five countries make up an intelligence-sharing arrangement named ‘Five Eyes’. After the US, Canada has now moved to ban Chinese telecommunication giants ...
Android 13 of Dragon Ball Z fame is designed by a Dragon Ball Super Artist
Android 13 of Dragon Ball Z fame is designed by a Dragon Ball Super Artist
The seventh movie of the Dragon Ball Z series, Dragon Ball Z: Super Android 13!, introduced a number of new androids created by the Red Ribbon Army, taking ...
This weekend, play these three Xbox games for free
This weekend, play these three Xbox games for free
As usual with Free Play Day weekend promotions, all three titles are unlocked in full as if Xbox Live Gold players owned them outright and Xbox Achievements ...
UNITED STATES-WALL STREET STOCKS END MIXED, TESLA FALLS
UNITED STATES-WALL STREET STOCKS END MIXED, TESLA FALLS
Weighing heavily on the S&P 500, Tesla tumbled after Chief Executive Elon Musk denounced as “utterly untrue” claims in a news report that he sexually ...
The world's most DIY-friendly laptop has received a significant upgrade
The world’s most DIY-friendly laptop has received a significant upgrade
In our Framework Laptop review from 2021 I enthused over the fact that Framework actually delivered on its promise of selling a laptop that’s more repairable ...
What we learned from the most recent NetEase conference
What we learned from the most recent NetEase conference
The survival game will get even bigger this summer with an expansion called Toward the Unknown. It will introduce new gameplay modes, and outfits while ...
G7 would help Ukraine with funding "to get through this", according to Yellen
G7 would help Ukraine with funding “to get through this”, according to Yellen
Yellen told reporters after the first day of a G7 finance ministers and central bank governors’ meeting here that pledges had surpassed the $15 billion in ...
Inventories in China rose as a result of a lower-than-expected drop in lending rates, while foreign inflows rose.
Inventories in China rose as a result of a lower-than-expected drop in lending rates, while foreign inflows rose.
The CSI300 index rose 2.2 percent this week, its highest weekly rise since April 1, while the Shanghai Composite index rose 2%. The five-year loan prime rate ...
A vulnerability in the Huawei AppGallery lets you download paid Android apps for free
A vulnerability in the Huawei AppGallery lets you download paid Android apps for free
The latest flaw in Huawei’s app store was discovered by Android developer Dylan Roussel. Essentially, the API of the AppGallery doesn’t offer any protection ...
Cartelization will be difficult, according to FM
Cartelization will be difficult, according to FM
Amidst rising inflation which has also raised concerns about the economic recovery from the coronavirus pandemic, the minister said there are a few ...
Show next
We will be happy to hear your thoughts

Leave a reply

Compsmag - Latest News In Tech and Business
Logo