iOS exploit enables remote access to photos, messages, more without user knowledge

A newly revealed — and, importantly, already patched — iOS exploit allowed hackers to access and gain control over nearby iPhones using a proprietary Apple wireless mesh networking protocol called AWDL (Apple Wireless Direct Link).

iOS exploit enables remote access to photos, messages, more without user knowledge

Mikey Campbell for AppleInsider:

Discovered by security researcher Ian Beer, a member of Google’s Project Zero team, the AWDL scheme enabled remote access to photos, emails, messages, real-time device monitoring, and more.

As detailed in an exhaustive technical breakdown posted to the Project Zero blog on Tuesday, Beer uncovered the mechanism behind the exploit in a 2018 iOS beta that accidentally shipped with intact function name symbols tied to the kernel cache. After poking around in Apple’s code, he uncovered AWDL, a cornerstone technology that powers AirDrop, Sidecar, and other tentpole connectivity features…

The process took six months to develop, but when Beer was done, he could hack any iPhone in radio proximity… Apple patched the vulnerability in May with iOS 13.5 and a spokesperson for the company said a majority of its users are using updated software. Beer has found no evidence that the technique was used in the wild.

MacDailyNews Take: So, if you’re running iOS 13.5 or higher, as most of us are (92% of all devices introduced in the last four years; 81% of all devices), you’re all set.

Here’s the exploit explained in video form:


    1. Because most news outlets are going to put the exploit in the headline, and “This was patched six months ago, and no actual data was ever stolen” will be deep in the text that no one reads.

Reader Feedback

This site uses Akismet to reduce spam. Learn how your comment data is processed.