
Dangerous 0-day vulnerability in iOS 5.1.1 and 6

Dutch hackers, using a bug in the WebKit engine that powers the mobile version of the Safari browser, were able to access all photos, contacts and browser history on an iPhone 4S. The vulnerability is present in iOS version 5.1.1 and in the latest developer preview version of iOS 6.

Thus, the vulnerability must be present in iPhones, iPads and modern iPods - including the iPhone 5 that comes out in a few hours.

The vulnerability may also be present in BlackBerry and Android phones, whose default system browsers also use the WebKit engine. On the other hand, there is no exploit for these platforms yet.
The bug was demonstrated by a team from a small company, Certified Secure, at the Pwn2Own mobile device hacking competition in Amsterdam. Another team, from MWR Labs, also found a vulnerability in the NFC implementation in the SGS3, but the bug found in iOS was regarded as a much more serious security threat: WebKit is a very widely used engine in mobile browsers, while NFC is so far not widespread and has a range of a few centimeters.

A simple visit to a malicious site in mobile Safari is enough to launch the attack: specially prepared JavaScript code, using a bug in the engine, can overwrite an arbitrary section of RAM, which allows hackers to upload a piece of executable code to the device and transfer control to it. The vulnerability bypasses the protection that allows only signed code to run, as well as other protective mechanisms. Hackers get free rein.

Joost Pol and Daan Keuper, employees of Certified Secure, a company of only 9 people, won $30,000 by entering their exploit in the competition. Pol and Keuper say that it took them only 3 weeks of meetings after work.

“We really wanted to find out how long it would take a determined hacker to crack the iPhone from scratch. This is what motivated me personally for this job,” said Pol in an interview. “It was quite simple to detect the zero-day vulnerability in the WebKit engine, nothing complicated. But then it was necessary to put together a bunch of things to make the exploit work.”

E-mail and SMS were inaccessible to the hackers, since they are isolated from the Safari process and are separately encrypted.

Pol believes it is especially important that the vulnerability was found in the iPhone specifically, which, in his opinion, is considered the most secure when compared with BlackBerry, Android, Windows Phone and Symbian. (Actually, isn't BlackBerry considered the most secure? - translator's note.)

Finally, Pol added: “People in leadership positions in companies should never use an iPhone or BlackBerry for business correspondence or for anything important at all. It is that simple. Many people, for example, take pictures on their phones that they should not take.”

Pwn2Own is an annual conference held since 2007; this year, for the first time, it was aimed at mobile devices. Pol and Keuper reported that after the conference they destroyed all copies of the exploit they had written.

Apple has not yet commented on the vulnerability.

Source: https://habr.com/ru/post/151891/

