- Bad days have started for Apple.
- The Contacts app built into iOS can be exploited through the industry-standard SQLite database.
- Discovered by Check Point.
Apple is currently having a bad week. Days after Face ID was hacked and the company’s “user-hostile” iPhone battery practices were exposed, an extraordinary story of Apple neglect has resulted in a warning every iPhone and iPad user needs to know about.
That is why Apple is facing so many problems. Every iPhone released since 2011 is potentially vulnerable to having its data and passwords stolen.
According to a report picked up by AppleInsider, security firm Check Point has revealed that it has found a way to hack every iPhone and iPad running iOS 8 right up to the betas of iOS 13.
This covers eight years of devices (iOS 8 supports the 2011 iPhone 4S) and, with Tim Cook stating there are 1.4 billion active iOS devices around the world, it is worrying news for the owners of pretty much all of them.
Check Point discovered that the Contacts app built into iOS can be exploited through the industry-standard SQLite database, so that any search of Contacts can trick the device into running malicious code capable of stealing user data and passwords.
What Check Point Says
Check Point said, “SQLite is the most wide-spread database engine in the world.”
It added, “It is available in every operating system, desktop and mobile phone. Windows 10, macOS, iOS, Chrome, Safari, Firefox and Android are popular users of SQLite.”
However, why the Contacts app vulnerability exists in the first place is the real shocker: it capitalizes on a known bug which Apple has failed to fix for four years.
The Check Point researchers wrote in their report, “Wait, what? How come a four-year-old bug has never been fixed?”
They added, “This feature was only ever considered vulnerable in the context of a program that allows arbitrary SQL from an untrusted source and so it was alleviated accordingly. But, SQLite usage is so versatile that we can actually still trigger it in many scenarios.”
In short, Apple got sloppy. As AppleInsider explains: “The bug has been considered unimportant because it was believed it could only be triggered by an unknown application accessing the database, and in a closed system like iOS, there are no unknown apps. But, Check Point researchers then managed to make a trusted app [the ubiquitous Contacts app] send the code to trigger this bug and exploit it.”
And of course, it’s a lazy oversight with potentially serious consequences.