Skip to main content

Recently patched vulnerabilities provided hackers complete access to iPhones

iPhone on table
Image used with permission by copyright holder
A new report from a mobile security firm has highlighted a series of vulnerabilities in previous versions of iOS that, when used in the right context, could give an attacker complete control of a user’s device. The findings were published by Zimperium, and relate to two components in particular: the IOSurface and AppleAVE kernel extensions.

These components are responsible for driving a device’s display and allowing hardware acceleration for videos, respectively — though Zimperium has outlined eight ways in which they can be used to compromise an iPhone or iPad. The vulnerabilities concern the elevation of privileges, so unscrupulous parties can be granted free rein over the system. Once they’re in, a hacker can access a variety of personally identifiable information, like the device’s GPS location data, contacts, microphone, and even photos.

The IOSurface extension in particular has been previously linked to jailbreak methods, and with the release of iOS 10.3.2, Apple has patched the issues. However, users of older devices are still left unprotected. According to Zimperium’s Adam Donenfeld, who discovered the vulnerabilities, the exploits are so discreet that they can be performed without the user’s knowledge.

“Before the patch, the only way for a user to guard itself was to install a third-party mobile protection solution,” Donenfeld told Digital Trends. “Unless patched, without a third-party mobile protection solution there’s no way for a user to know whether he’s being attacked.”

Thankfully, Donenfeld noted that Apple has acted swiftly in issuing fixes. Zimperium notified the company of its findings toward the end of March, and Apple pushed out iOS 10.3.2 to devices in mid-May. The oldest iPhone currently supported with updates is the iPhone 5, meaning the wide majority of current iOS users have been covered. Zimperium will publish an expanded proof-of-concept explaining the vulnerabilities in greater detail soon, but the report is currently being delayed at Apple’s request.

Mobile devices carry unique risks. That’s the reason why firms like Zimperium exist — to address the concerns of smartphone and tablet users, who face a very different threat from their desktop counterparts. One of the dangers Donenfeld identifies is the behavior of many mobile devices in automatically connecting to available public Wi-Fi networks.

“Network-based threats are significant and far too easy to execute,” Donenfeld said. “Plus, malware in many forms has grown at an alarming rate in recent years. We’ve seen an increasing number of mobile vulnerabilities — such as Stagefright — being discovered.”

Despite manufacturers’ and researchers’ best efforts, Donenfeld doesn’t expect the rising tide of crime to turn anytime soon.

“Mobility provides a huge number of assets with much less risk of discovery and prosecution than traditional crimes, so it is only logical that mobile threats will continue to grow.”

Editors' Recommendations

Adam Ismail
Former Digital Trends Contributor
Adam’s obsession with tech began at a young age, with a Sega Dreamcast – and he’s been hooked ever since. Previously…
Your iPhone just got a new iOS update, and you should download it right now
iPhone 15 Pro display with iPhone 15 Pro Max in background.

Apple has just released a new security update, iOS 17.4.1. This comes a little over two weeks after iOS 17.4, which was a big update. iOS 17.4.1 doesn't add any new features, but it's still an important update you'll want to download as soon as you can.

With iOS 17.4.1, Apple states that the update “provides important bug fixes and security updates and is recommended for all users.” Apple doesn’t mention any specifics of these bug fixes, but more details on what this security update addresses may be revealed at a later date.

Read more
The DOJ has sued Apple over the iPhone. Here’s what it means for you
The Apple iPhone 15 Pro Max and iPhone 14 Pro seen from the back.

Apple iPhone 14 Pro (left) and iPhone 15 Pro Max Andy Boxall / Digital Trends

If you're reading this article, chances are you have an iPhone. It's also quite likely that your friends and family members also use an iPhone. The iPhone is the smartphone of choice for millions of people in the U.S., and now, the Department of Justice (DOJ) is suing Apple over the iPhone monopoly it has established over the years.

Read more
UPS worker accused of nabbing $1.3M worth of iPhones and other Apple gear
A MacBook and iPhone in dark red light.

The desirability and high value of iPhones and other Apple devices make the gear a popular target for criminals looking to make a fast buck.

In the latest such case, a now former UPS employee is accused of stealing more than $1.3 million worth of Apple iPhones and laptops from the shipping company’s warehouse in Winnipeg, Canada, before selling them in an operation that continued for seven months, the Winnipeg Free Press reported this week.

Read more