A newly revealed — and, importantly, already patched — iOS exploit allowed hackers to access and gain control over nearby iPhones using a proprietary Apple wireless mesh networking protocol called AWDL (Apple Wireless Direct Link).
Discovered by security researcher Ian Beer, a member of Google’s Project Zero team, the AWDL scheme enabled remote access to photos, emails, messages, real-time device monitoring, and more.
As detailed in an exhaustive technical breakdown posted to the Project Zero blog on Tuesday, Beer uncovered the mechanism behind the exploit in a 2018 iOS beta that accidentally shipped with intact function name symbols tied to the kernel cache. After poking around in Apple’s code, he uncovered AWDL, a cornerstone technology that powers AirDrop, Sidecar, and other tentpole connectivity features…
The process took six months to develop, but when Beer was done, he could hack any iPhone in radio proximity… Apple patched the vulnerability in May with iOS 13.5 and a spokesperson for the company said a majority of its users are using updated software. Beer has found no evidence that the technique was used in the wild.
MacDailyNews Take: So, if you’re running iOS 13.5 or higher, as most of us are (92% of all devices introduced in the last four years; 81% of all devices), you’re all set.
Here’s the exploit explained in video form: