6 matches found
iPhone Bug Allowed for Complete Device Takeover Over the Air
Details tied to a stunning iPhone vulnerability were disclosed by noted Google Project Zero researcher Ian Beer. Apple patched the vulnerability earlier this year. But few details, until now, were known about the bug that could have allowed a threat actor to completely take over any iPhone within...
Google Hacker Details Zero-Click 'Wormable' Wi-Fi Exploit to Hack iPhones
Google Project Zero white-hat hacker Ian Beer on Tuesday disclosed details of a now-patched critical "wormable" iOS bug that could have made it possible for a remote attacker to gain complete control of any device in the vicinity over Wi-Fi. The exploit makes it possible to "view all the photos,...
iOS / macOS Wifi Proximity Vulnerability
iOS and macOS suffered from a wifi proximity kernel double-free vulnerability in AWDL BSS Steering. if 0 iOS/MacOS wifi proximity kernel double free in AWDL BSS Steering As part of developing an exploit for CVE-2020-3843 a heap overflow in AWDL I've been looking at the code for "BSS Steering". It...
About the security content of iOS 12.4.7 - Apple Support
About Apple security updates For our customers' protection, Apple doesn't disclose, discuss, or confirm security issues until an investigation has occurred and patches or releases are available. Recent releases are listed on the Apple security updates page. Apple security documents reference...
About the security content of watchOS 5.3.7
About the security content of watchOS 5.3.7 This document describes the security content of watchOS 5.3.7. About Apple security updates For our customers' protection, Apple doesn't disclose, discuss, or confirm security issues until an investigation has occurred and patches or releases are...
CVE-2020-3843
CVE-2020-3843 is an AWDL kernel vulnerability in macOS/iOS where IO80211AWDLPeer::parseAwdlSyncTreeTLV incorrectly handles the SYNC_TREE TLV length. The TLV length is clamped to 1024, but the destination buffer for sync_tree_macs is only 60 bytes (10 MACs), enabling a linear heap overflow when a ...