A Four-year-old Bug in iOS

Apple’s operating system tagged with fluency and security has always been its biggest selling point. But this does not mean that there are no security bugs. Some of these bugs have been around for years. Recently, a four-year-old bug in iOS was exploited by security researchers at the Def Con 2019 security conference to hack the Apple Contacts app and make malicious consequences.

Actually, this bug is not caused by Apple’s code, but by a security hole in free open source database software used by Apple. This free open-source database software is SQLite. SQLite is the most widely used database engine in the world. Mainstream operating systems such as Windows, Android, Chrome, Mac OS, iOS, Firefox and Safari are popular users of SQLite. This bug allows attackers to implement remote control and run arbitrary code or DoS applications by issuing simple SQL queries.

This bug was reported in Mac OS X and iOS in 2015, but it has not been fixed fours after it was discovered. It is said by Check Point security researchers that the bug was considered not serious enough for Apple to abandon SQLite database security on iOS because it should only be triggered by unknown applications accessing the database. And in close systems like iOS, there are no unknown applications.

The fact, however, is that this bug can be triggered in many conditions. In the case mentioned by the researchers, hackers crash the app or force them to perform other unexpected operations, including stealing passwords, as users entered commands such as searching for Contacts through modifying Apple’s iOS contacts app.

So we can see that Apple devices, which are committed to user privacy and security, are also vulnerable to hacking. Why do not you pay more attention to your personal safety on the Internet? Let’s start by using a VPN to surf the Internet. Try Hotspot Shield, ProtonVPN, CyberGhost and RitaVPN. You deserve more protection for your private information.

Leave a Reply

Your email address will not be published. Required fields are marked *

You May Also Like
Read More

Capital One was Hacked

A Seattle woman was accused by Federal prosecutors of stealing data from over 100 million loan applications from Capital One Financial Corp. It is…