Scary Zero-Click iPhone Exploit With Silent Remote Access Disclosed By Google Project Zero Researcher
In May of this year, Apple patched a silent but deadly exploit that went after iPhones using specially crafted wireless payloads. This exploit is a simple memory corruption attack that allows any malicious person to do whatever they want to an iPhone: be it collecting data such as images and messages, or shutting down the device entirely. First unveiled on Tuesday, the exploit is spectacular to watch and learn about over the course of the 30,000-word writeup.
This exploit was discovered by Ian Beer of Google’s Project Zero earlier this year. Locked away at home due to the COVID-19 pandemic, he used his time to create a “wormable radio-proximity exploit” which lets anyone “gain complete control over any iPhone in [the] vicinity.” It works by taking advantage of AWDL, Apple’s proprietary networking protocol that drives services like AirDrop on nearly all Apple devices. In essence, a coding error in C++ code causes a buffer overflow (memory corruption) when the device’s kernel handles untrusted data received over the AWDL protocol, giving an attacker kernel-level (root) control.