Recently patched vulnerabilities provided hackers complete access to iPhones

iPhone on table
A new report from a mobile security firm has highlighted a series of vulnerabilities in previous versions of iOS that, when used in the right context, could give an attacker complete control of a user’s device. The findings were published by Zimperium, and relate to two components in particular: the IOSurface and AppleAVE kernel extensions.

These components are responsible for driving a device’s display and allowing hardware acceleration for videos, respectively — though Zimperium has outlined eight ways in which they can be used to compromise an iPhone or iPad. The vulnerabilities concern the elevation of privileges, so unscrupulous parties can be granted free rein over the system. Once they’re in, a hacker can access a variety of personally identifiable information, like the device’s GPS location data, contacts, microphone, and even photos.

The IOSurface extension in particular has been previously linked to jailbreak methods, and with the release of iOS 10.3.2, Apple has patched the issues. However, users of older devices are still left unprotected. According to Zimperium’s Adam Donenfeld, who discovered the vulnerabilities, the exploits are so discreet that they can be performed without the user’s knowledge.

“Before the patch, the only way for a user to guard itself was to install a third-party mobile protection solution,” Donenfeld told Digital Trends. “Unless patched, without a third-party mobile protection solution there’s no way for a user to know whether he’s being attacked.”

Thankfully, Donenfeld noted that Apple has acted swiftly in issuing fixes. Zimperium notified the company of its findings toward the end of March, and Apple pushed out iOS 10.3.2 to devices in mid-May. The oldest iPhone currently supported with updates is the iPhone 5, meaning the wide majority of current iOS users have been covered. Zimperium will publish an expanded proof-of-concept explaining the vulnerabilities in greater detail soon, but the report is currently being delayed at Apple’s request.

Mobile devices carry unique risks. That’s the reason why firms like Zimperium exist — to address the concerns of smartphone and tablet users, who face a very different threat from their desktop counterparts. One of the dangers Donenfeld identifies is the behavior of many mobile devices in automatically connecting to available public Wi-Fi networks.

“Network-based threats are significant and far too easy to execute,” Donenfeld said. “Plus, malware in many forms has grown at an alarming rate in recent years. We’ve seen an increasing number of mobile vulnerabilities — such as Stagefright — being discovered.”

Despite manufacturers’ and researchers’ best efforts, Donenfeld doesn’t expect the rising tide of crime to turn anytime soon.

“Mobility provides a huge number of assets with much less risk of discovery and prosecution than traditional crimes, so it is only logical that mobile threats will continue to grow.”

Computing

Windows improves handwriting-recognition skills at the peril of users’ security

A Windows file that is designed to help improve the platform's ability to translate your handwritten notes into readable text may be a security concern. One researcher found it contained passwords and email contents.
Gaming

Your PlayStation 4 game library isn't complete without these games

Looking for the best PS4 games out there? Out of the massive crop of titles available, we selected the best you should buy. No matter what your genre of choice may be, there's something here for you.
Home Theater

Google Chromecast and Chromecast Ultra: Everything you need to know

Google's Chromecast plugs into your TV's HDMI port, allowing you to stream content from your tablet, laptop, or smartphone directly to your TV. Here's what you need to know about all iterations, including the 4K-ready Chromecast Ultra.
Mobile

Be an online phantom and web surf safely with Ghostery’s mobile browser

Keeping your private information to yourself has become progressively harder in the internet age. If you're worried about your personal information, check out the new version of the Ghostery browser for iOS and Android.
Mobile

How to buy the iPhone XS, iPhone XS Max, and iPhone XR in the U.K.

The new iPhone range is here, and it consists of three models: The iPhone XS, the iPhone XS Max, and the iPhone XR. You can buy the iPhone XS and XS Max in the United Kingdom now, so here's our guide on where to buy one.
Mobile

Need a do-over? Here's how to factory reset an iPhone, from XS on down

Resetting an iPhone can alleviate all sorts of software woes, and wipe away personal data should you sell your device or give it to someone else. Here's how to factory reset an iPhone from within iOS or iTunes.
Product Review

Don't let the bigger iPhones woo you away: The XS is still a masterpiece

Apple’s next smartphone is here -- the iPhone XS. We think it’s the perfect size for an iPhone, and it manages to impress with astounding performance, and sizable camera improvements.
Mobile

Audio company Bragi is suing OnePlus over the word 'dash'

Despite taking steps to change to "Warp Charge," OnePlus is being sued by audio company Bragi over the phone manufacturer's continued use of the word "dash" in the Dash Charging used in OnePlus phones.
Mobile

The best weather apps for Android will keep you dry no matter where you go

You may not be able to change the weather, but you can at least be prepared for it. Check out our guide to the best weather apps for Android, so you'll always know what to expect when you step out the front door.
Mobile

Android 9.0 Pie is finally rolling out to the OnePlus 6

Android 9.0 Pie has been released. But is your phone getting Android 9.0 Pie, and if so, when? We've done the hard work and asked every device manufacturer to see when their devices would be getting the update.
Mobile

Keep the iPhone XS display crack-free with these screen protectors

Apple might have proclaimed the iPhone XS's glass as being its most durable ever, but that's not going to stop you from wincing if you drop your phone. Stay protected with the best iPhone XS screen protectors.
Mobile

Apple iPhone XS Max vs. Huawei P20 Pro: Clash of the titans

Anyone seeking a great new smartphone with plenty of money to spend has two amazing options, but which is better for you? We pit the Apple iPhone XS Max vs. Huawei P20 Pro in various categories to help you choose.
Product Review

With its epic screen, Apple's iPhone XS Max is a phone you can live inside

The iPhone XS Max is here. Should you get the massive 6.5-inch iPhone from Apple? Or should you pick the smaller iPhone XS? We’ve been putting the Max through its paces to find out in our review.
Mobile

Hateful software kills our enthusiasm for newcomer Realme’s $155 Android phone

Realme is a new smartphone brand with an interesting start to life, as it closely mirrors that of OnePlus, a brand we admire. The Realme 2 is its second phone, and we've given it a try to see if it's a winner.