Apple is having a bad week. Just days after Face ID was hackedand the company’s “user-hostile” iPhone battery practices were exposed, an extraordinary story of Apple neglect has resulted in a warning every iPhone and iPad user needs to know about.

Picked up by AppleInsider, security firm Check Point has revealed it has found a way to hack every iPhone and iPad running iOS 8 right up to betas of iOS 13. This spread covers eight years of devices (iOS 8 supports the 2011 iPhone 4S) and, with Tim Cook stating there are 1.4BN active iOS devices around the world, this is worrying news for the owners of pretty much all of them. 

What Check Point discovered is that the Contacts app built into iOS can be exploited using the industry-standard SQLite database so that any search of Contacts can trick the device into running malicious code capable of stealing user data and passwords.

"SQLite is the most wide-spread database engine in the world," said Check Point. "It is available in every operating system, desktop and mobile phone. Windows 10, macOS, iOS, Chrome, Safari, Firefox and Android are popular users of SQLite."

But the real shocker is why the Contacts app vulnerability exists in the first place: it capitalises on a known bug which Apple has failed to fix for four years. 

"Wait, what? How come a four-year-old bug has never been fixed?" write Check Point’s researchers in their report. "This feature was only ever considered vulnerable in the context of a program that allows arbitrary SQL from an untrusted source and so it was mitigated accordingly. However, SQLite usage is so versatile that we can actually still trigger it in many scenarios."

In short: Apple got sloppy. As AppleInsider explains: “the bug has been considered unimportant because it was believed it could only be triggered by an unknown application accessing the database, and in a closed system like iOS, there are no unknown apps. However, Check Point's researchers then managed to make a trusted app [the ubiquitous Contacts app] send the code to trigger this bug and exploit it.”

Yes, it’s a lazy oversight with potentially serious consequences. For now, the saving grace is hackers need access to your unlocked iPhone or iPad to exploit it but this may change. After all, just last month six flaws were found in iMessage which allowed hackers to read your files from anywhere and one of them remains unpatched to this day. 

All of which puts Apple in an uncomfortable situation. The company has long touted security as a major selling point over rivals, but the holes keep coming and when this one comes off the back of four years of inaction, it’s not a good look. 

Aditya Kapadiya - Aug 23, 2019, 12:06 AM - Add Reply

You will get here information about how a IPHONE is exposed to hacker.

You must be logged in to post a comment.
Aditya - Aug 23, 2019, 1:20 AM - Add Reply


You must be logged in to post a comment.
Aditya Kapadiya - Aug 23, 2019, 11:18 PM - Add Reply

Surely I will publish more and more post. Thanks for your comment.

You must be logged in to post a comment.
Sawal - Oct 4, 2019, 3:22 AM - Add Reply


You must be logged in to post a comment.

You must be logged in to post a comment.

Related Articles
About Author

I am a blog writer. I write blogs on CYBER SECURITY and provide daily updates by providing CYBER NEWS .

Nov 8, 2019, 3:00 AM - Ramesh
Nov 8, 2019, 2:48 AM - Anwarul Azim
Jul 19, 2019, 6:56 AM - Rasida Akter
Oct 28, 2019, 4:30 AM - Jeffrey Escabarte
Recent Articles
Jul 31, 2021, 3:20 PM - AkashMeena
Jul 31, 2021, 3:06 PM - Usamatsodiq
Jul 29, 2021, 9:23 AM - AkashMeena
Jul 23, 2021, 11:32 AM - Shamad Ansari