Skip to main content
  1. Home
  2. Mobile
  3. News

Recently patched vulnerabilities provided hackers complete access to iPhones

Adam Ismail
By

iPhone on table
Image used with permission by copyright holder
A new report from a mobile security firm has highlighted a series of vulnerabilities in previous versions of iOS that, when used in the right context, could give an attacker complete control of a user’s device. The findings were published by Zimperium, and relate to two components in particular: the IOSurface and AppleAVE kernel extensions.

These components are responsible for driving a device’s display and allowing hardware acceleration for videos, respectively — though Zimperium has outlined eight ways in which they can be used to compromise an iPhone or iPad. The vulnerabilities concern the elevation of privileges, so unscrupulous parties can be granted free rein over the system. Once they’re in, a hacker can access a variety of personally identifiable information, like the device’s GPS location data, contacts, microphone, and even photos.

Recommended Videos

The IOSurface extension in particular has been previously linked to jailbreak methods, and with the release of iOS 10.3.2, Apple has patched the issues. However, users of older devices are still left unprotected. According to Zimperium’s Adam Donenfeld, who discovered the vulnerabilities, the exploits are so discreet that they can be performed without the user’s knowledge.

Related

“Before the patch, the only way for a user to guard itself was to install a third-party mobile protection solution,” Donenfeld told Digital Trends. “Unless patched, without a third-party mobile protection solution there’s no way for a user to know whether he’s being attacked.”

Thankfully, Donenfeld noted that Apple has acted swiftly in issuing fixes. Zimperium notified the company of its findings toward the end of March, and Apple pushed out iOS 10.3.2 to devices in mid-May. The oldest iPhone currently supported with updates is the iPhone 5, meaning the wide majority of current iOS users have been covered. Zimperium will publish an expanded proof-of-concept explaining the vulnerabilities in greater detail soon, but the report is currently being delayed at Apple’s request.

Mobile devices carry unique risks. That’s the reason why firms like Zimperium exist — to address the concerns of smartphone and tablet users, who face a very different threat from their desktop counterparts. One of the dangers Donenfeld identifies is the behavior of many mobile devices in automatically connecting to available public Wi-Fi networks.

“Network-based threats are significant and far too easy to execute,” Donenfeld said. “Plus, malware in many forms has grown at an alarming rate in recent years. We’ve seen an increasing number of mobile vulnerabilities — such as Stagefright — being discovered.”

Despite manufacturers’ and researchers’ best efforts, Donenfeld doesn’t expect the rising tide of crime to turn anytime soon.

“Mobility provides a huge number of assets with much less risk of discovery and prosecution than traditional crimes, so it is only logical that mobile threats will continue to grow.”

Editors' Recommendations

Topics
Adam Ismail
Adam Ismail
Former Digital Trends Contributor
Adam’s obsession with tech began at a young age, with a Sega Dreamcast – and he’s been hooked ever since. Previously…
Here’s how Apple could change your iPhone forever
An iPhone 15 Pro Max laying on its back, showing its home screen.

Over the past few months, Apple has released a steady stream of research papers detailing its work with generative AI. So far, Apple has been tight-lipped about what exactly is cooking in its research labs, while rumors circulate that Apple is in talks with Google to license its Gemini AI for iPhones.

But there have been a couple of teasers of what we can expect. In February, an Apple research paper detailed an open-source model called MLLM-Guided Image Editing (MGIE) that is capable of media editing using natural language instructions from users. Now, another research paper on Ferret UI has sent the AI community into a frenzy.

Read more
There’s a big problem with the iPhone’s Photos app
The Apple iPhone 15 Plus's gallery app.

While my primary device these days continues to be my iPhone 15 Pro, I’ve dabbled with plenty of Android phones since I’ve been here at Digital Trends. One of my favorite brands of phone has been the Google Pixel because of its strong suite of photo-editing tools and good camera hardware.

Google first added the Magic Eraser capability with the Pixel 6 and Pixel 6 Pro, which is a tool I love using. Then, with the Pixel 8 series, Google added the Magic Editor, which uses generative AI to make edits that wouldn’t be possible otherwise. There are also tools like Photo Unblur, which is great for old photographs and enhancing images that were captured with low-quality sensors.

Read more
Why you should buy the iPhone 15 Pro Max instead of the iPhone 15 Pro
Someone holding an iPhone 15 Pro Max outside on a patio, showing the back of the Natural Titanium color.

If you want the best iPhone money can buy in 2024, you have two options: the iPhone 15 Pro and the iPhone 15 Pro Max. They have the same chipset, similar display technology, nearly identical cameras, etc. It's a really close battle, save for the fact that the iPhone 15 Pro is $200 cheaper.

It might be tempting to save some cash and choose the iPhone 15 Pro, but I recommend you splurge for the larger (and more expensive) iPhone 15 Pro Max. Why? Let me explain.
It's a big iPhone you won't hate using

Read more