قالب وردپرس درنا توس
Home / Mac / Warning was given to Apple's 1.4 billion iPad and iPhone users

Warning was given to Apple's 1.4 billion iPad and iPhone users




<div _ngcontent-c15 = "" innerhtml = "

Apple is having a bad week. Only days after Face ID was hacked and the company's " user-friendly "iPhone battery practice [19659003] was postponed, an extraordinary story of Apple malpractice has resulted in a warning every iPhone and iPad user needs to know about. & nbsp; & nbsp;

Every iPhone released since 2011 is potentially vulnerable to being stolen the data and passwords

Apple

Retrieved from AppleInsider security company Check Point has revealed that it has found a way to hack every iPhone and iPad running iOS 8 right up to the beta of iOS 13. This spread covers eight years of devices (iOS 8 supports 2011 iPhone 4S), and with Tim Cook about there are 1.4BN active iOS devices around the world, this is worrying news for the owners of virtually all of them. & nbsp;

The Check Point discovered is that the Contacts app built into iOS can be exploited by using the industry-standard SQLite database so that any search in Contacts can trick the device into running malicious code that can steal user data and passwords. & Nbsp;

"SQLite is the most widely used database engine in the world," Check Point said. "It is available in all operating systems, desktops and mobile phones. Windows 10, macOS, iOS, Chrome, Safari, Firefox and Android are popular users of SQLite."

But the real shocker is why the Contact app vulnerability basically exists: it exploits a known bug that Apple hasn't been able to solve for four years. & Nbsp;

Apple iOS 12 still has the same vulnerability found in iOS 8

Apple

"Wait, what? How has a four-year-old bug never been solved?" write researchers from Check Point in the report. "This feature was only ever considered vulnerable in the context of a program that allows arbitrary SQL from an untrusted source, and it was therefore muted accordingly. However, SQLite usage is so versatile that we can still trigger it in many scenarios. "

In short: Apple got sloppy. As AppleInsider explains: “The bug has been considered unimportant because it was believed that it could only be triggered by an unknown application accessing the database, and in a closed system like iOS there are no unknown apps. However, Check Point researchers then managed to get a reliable app [the ubiquitous Contacts app] to send the code to trigger this bug and exploit it. ”

Yes, it is a lazy oversight of potentially serious consequences. Currently, the saving grace of hackers needs access to your unlocked iPhone or iPad to take advantage of it, but this may change. After all, just last month, six errors were found in iMessage that allowed hackers to read your files anywhere, and one of them remains inappropriate to this day. & Nbsp;

All this puts Apple in an uncomfortable situation. The company has long touted security as an important selling point over rivals, but the gaps continue to come, and when it comes off the back of four years of inaction, it's not a good look. & Nbsp;

Your move, Apple. & Nbsp;

___

Follow Gordon on Twitter and Facebook

More on Forbes

iPhone owners warned of "User Hostile" Battery Problem &

Apple Partner accidentally unveils iPhone 11 release date

Apple's redesigned iPhone 11 Logic Board now makes sense

Bloomberg Leaks 2020 iPhone camera, USB-C upgrades

Kuo: Every 2020 iPhone to be launched with 5G

">

Apple has had a bad week. Just days after the Face ID was hacked and the company's " user-friendly "iPhone battery practice was exposed, it has an extraordinary history of Apple neglect results in a warning that iPhone and iPad users need to know about.

Every iPhone released since 2011 is potentially vulnerable to their data and passwords being stolen

Apple

Retrieved from AppleInsider security company Check Point has revealed that it has found a way to hack every iPhone and iPad running iOS 8 until beta 13. This spread covers eight years of devices (iOS 8 supports 2011 iPhone 4S), and with Tim Cook saying there are 1.4BN active iOS devices around the world, this is worrying news for the owners of virtually all of them .

The Check Point discovered is that the Contacts app built into iOS can be exploited by using the industry-standard SQLite database so that any search in Contacts can trick the device into running malicious code that can steal user data and passwords.

"SQLite is the most widely used database engine in the world," Check Point said. "It is available in all operating systems, desktops and mobile phones. Windows 10, macOS, iOS, Chrome, Safari, Firefox and Android are popular users of SQLite."

But the real shocker is why the Contact app vulnerability basically exists: it exploits a known bug that Apple hasn't been able to fix for four years.

Apple iOS 12 still has the same vulnerability found in iOS 8

Apple

"Wait, what? How has a four-year-old bug never been solved?" write researchers from Check Point in the report. "This feature was only ever considered vulnerable in the context of a program that allows arbitrary SQL from an untrusted source, and it was therefore muted accordingly. However, SQLite usage is so versatile that we can still trigger it in many scenarios. "

In short: Apple got sloppy. As AppleInsider explains: “The bug has been considered unimportant because it was believed that it could only be triggered by an unknown application accessing the database, and in a closed system like iOS there are no unknown apps. However, Check Point researchers then managed to get a reliable app [the ubiquitous Contacts app] to send the code to trigger this bug and exploit it. ”

Yes, it is a lazy oversight of potentially serious consequences. Currently, the saving grace of hackers needs access to your unlocked iPhone or iPad to take advantage of it, but this may change. After all, only in the past month there were six errors found in iMessage that allowed hackers to read your files anywhere, and one of them remains inappropriate to this day.

All this puts Apple in an uncomfortable situation. The company has long touted security as an important selling point over rivals, but the gaps continue to come, and when it comes off the back of four years of inaction, it's not a good look.

Your move, Apple.

___

Follow Gordon on Twitter and Facebook

More about Forbes

iPhone owners warned of "User Hostile" Battery Problem

Apple Partner accidentally reveals iPhone 11 Release Date

Apple's newly designed iPhone 11 Logic Board now makes sense

Bloomberg Leaks 2020 iPhone camera, USB-C upgrades

Kuo: Every 2020 iPhone to be launched with 5G


Source link