Recently patched vulnerabilities provided hackers complete access to iPhones

iPhone on table
A new report from a mobile security firm has highlighted a series of vulnerabilities in previous versions of iOS that, when used in the right context, could give an attacker complete control of a user’s device. The findings were published by Zimperium, and relate to two components in particular: the IOSurface and AppleAVE kernel extensions.

These components are responsible for driving a device’s display and allowing hardware acceleration for videos, respectively — though Zimperium has outlined eight ways in which they can be used to compromise an iPhone or iPad. The vulnerabilities concern the elevation of privileges, so unscrupulous parties can be granted free rein over the system. Once they’re in, a hacker can access a variety of personally identifiable information, like the device’s GPS location data, contacts, microphone, and even photos.

The IOSurface extension in particular has been previously linked to jailbreak methods, and with the release of iOS 10.3.2, Apple has patched the issues. However, users of older devices are still left unprotected. According to Zimperium’s Adam Donenfeld, who discovered the vulnerabilities, the exploits are so discreet that they can be performed without the user’s knowledge.

“Before the patch, the only way for a user to guard itself was to install a third-party mobile protection solution,” Donenfeld told Digital Trends. “Unless patched, without a third-party mobile protection solution there’s no way for a user to know whether he’s being attacked.”

Thankfully, Donenfeld noted that Apple has acted swiftly in issuing fixes. Zimperium notified the company of its findings toward the end of March, and Apple pushed out iOS 10.3.2 to devices in mid-May. The oldest iPhone currently supported with updates is the iPhone 5, meaning the wide majority of current iOS users have been covered. Zimperium will publish an expanded proof-of-concept explaining the vulnerabilities in greater detail soon, but the report is currently being delayed at Apple’s request.

Mobile devices carry unique risks. That’s the reason why firms like Zimperium exist — to address the concerns of smartphone and tablet users, who face a very different threat from their desktop counterparts. One of the dangers Donenfeld identifies is the behavior of many mobile devices in automatically connecting to available public Wi-Fi networks.

“Network-based threats are significant and far too easy to execute,” Donenfeld said. “Plus, malware in many forms has grown at an alarming rate in recent years. We’ve seen an increasing number of mobile vulnerabilities — such as Stagefright — being discovered.”

Despite manufacturers’ and researchers’ best efforts, Donenfeld doesn’t expect the rising tide of crime to turn anytime soon.

“Mobility provides a huge number of assets with much less risk of discovery and prosecution than traditional crimes, so it is only logical that mobile threats will continue to grow.”


Think iPhones can’t get viruses? Our expert explains why it could happen

If your iPhone has been acting strangely, then you may be concerned about the possibility it is infected with a virus or some malware. We take a look at just how likely that is and explain why iOS is considered relatively safe.
Movies & TV

No TV? No problem. Here's how to watch the Final Four online

Whether you want to watch the Big Dance on your phone or on your smart TV, we have the lowdown on all the ways to watch March Madness you can handle. Grab your foam finger and some nachos.

Free yourself! How to unlock a phone from the icy hands of your wireless carrier

Do you want to know how to unlock a phone through your carrier or a third-party service like DoctorSIM? Regardless of which way you want to go, we've compiled a list of requirements and methods for doing so.

Here are the 5 of the best antivirus solutions for your small business

Getting your business off the ground is hard enough, and dealing with viruses, hackers, and security breaches only makes it harder. These 5 antivirus solutions can help keep you protected.

Apple’s new iPads are hardly new at all. Don’t waste your money

It has taken Apple four years to get around to updating the iPad Mini line, but the new iPad Mini is virtually identical to its predecessor. It’s joined by a confusing iPad Air with no obvious target audience. Is Apple just trying to sell…

iPad Air vs. iPad Mini: Which new tablet from Apple is best for you?

Apple has unveiled two new iPad models, including a new iPad Air and a new iPad Mini. Both devices have a lot to offer. But which iPad is right for your needs? We put the iPad Air and iPad Mini to the test to find out.

Even older Apple Watches could be effective at spotting heart conditions

The Apple Watch Series 4 is known for detecting heart conditions like atrial fibrillation thanks to having an electrocardiograph feature. It turns out that older Apple Watches could be effective at tracking AFib, too.

The best Apple AirPods alternatives for Android, Windows, and iOS devices

Apple AirPods, nice as they are, aren't the only game in town. Other makers are offering their own truly wireless earbuds, and if you're looking to buy a pair of high-end in-ear headphones, we've got the best AirPod alternatives on the…

The Black Shark 2’s Ludicrous Mode promises the smoothest mobile gaming

Xiaomi-backed Black Shark has a follow-up to last year's Black Shark gaming phone, complete with high specs and a low price. Here's everything we know about the Black Shark 2 gaming phone.

Need a new tablet? Here are the best iPad deals for March 2019

In the wide world of tablets, Apple is still the king. If you're on team Apple and just can't live without iOS, we've curated an up-to-date list of all of the best iPad deals currently available for March 2018.

Amazon drops price on Apple Watch Series 4 with a rare deal

Since Apple first unveiled the Series 4, the price for one has pretty much held fast. This has finally started to change with a nice little $15 discount on Amazon. If you've been wanting the newest Apple Watch, now is a great time.

Sending SMS messages from your PC is easier than you might think

Texting is a fact of life, but what to do when you're in the middle of something on your laptop or just don't have your phone handy? Here's how to send a text message from a computer, whether you prefer to use an email client or Windows 10.

Google's midrange Pixels might be called the Pixel 3a and Pixel 3a XL

The Google Pixel 3 and Pixel 3 XL are considered to be two of the best Android smartphones, but it looks like Google could be prepping a midrange line. Say hello to the Pixel 3a and Pixel 3a XL.

Angry Birds AR: Isle of Pigs brings 3D demolition into your living room

Angry Birds is releasing its next entry in the spring of 2019 - with a new spin. Bringing 3D environments and destruction, Angry Birds AR: Isle of Pigs uses augmented reality to add a new dimension to a classic series.