Apple has fixed a vulnerability that had been present for several years.
Earlier this year, Apple fixed one of the biggest vulnerabilities on the iPhone: a memory bug in the iOS kernel that gave attackers remote access to the entire device via Wi-Fi, without any user interaction. The “Death Packet” attack was designed by Ian Beer, a researcher at Project Zero, Google’s vulnerability research team.
Beer’s attack worked by exploiting a buffer overflow bug in Apple’s driver for AWDL, a network protocol that makes features such as AirDrop work. The flaw matters because drivers run in the kernel, one of the most privileged parts of any operating system. Because AWDL parses Wi-Fi packets, exploits can be transmitted without any indication that the user would notice.
The researcher created several different exploits. The most advanced of these installs a program that has full access to the user’s personal information, including emails, photos, messages, passwords and cryptographic keys. A laptop, a Raspberry Pi and some widely available Wi-Fi adapters were used in the attack. It took about two minutes to install the prototype program, but Beer said a better-written exploit could be installed in “seconds”.
Beer also said that Apple had already fixed the error. At the same time, he acknowledged that he had no evidence that the vulnerability was ever exploited.