Apple has always been associated with being secure and virus-free, however, that is not always the case. While there have been bugs and vulnerabilities that may be specific to certain apps or iOS updates, a recent hack may put every iPhone and iPad running iOS 8 to the beta iOS 13 in danger. That makes up eight years’ worth of products and potentially over a billion devices.
SQLite & Apple Contacts
Security firm Check Point revealed that it had found a way to hack the Apple devices using the Contacts app that is built into iOS and can exploit it with a common database engine, SQLite. By doing so, they are able to trick the device into running malicious code that can seal sensitive data and passwords.
“SQLite is the most wide-spread database engine in the world,” said Check Point. “It is available in every operating system, desktop and mobile phone. Windows 10, macOS, iOS, Chrome, Safari, Firefox and Android are popular users of SQLite.”
Exploiting an iOS Bug
The issue stems from known bug which Apple has failed to fix four years ago because it didn’t see it as a threat. As AppleInsider explains: “…the bug has been considered unimportant because it was believed it could only be triggered by an unknown application accessing the database, and in a closed system like iOS, there are no unknown apps. However, Check Point’s researchers then managed to make a trusted app [the ubiquitous Contacts app] send the code to trigger this bug and exploit it.”
What to Do About This iOS Vulnerability
If you have an iPhone or iPad, don’t panic just yet. For a hacker to exploit this they would need access to your unlocked device. However, that is not to say they won’t find new ways around this. Don’t forget it started with an exploit that was four years old and deemed to not be a threat, so it should always be taken seriously. Hopefully with this latest revelation Apple will take that bug seriously now and find a solution for it in upcoming iOS releases.
Download our Guide to Securing Remote Access in the meantime if you would like to learn how to secure your devices against bugs.