An app developer and security researcher discovered an iOS vulnerability that could have allowed threat actors to remotely sabotage and brick iPhones using only a single line of code.
Guilherme Rambo found the flaw, which he demonstrated with a proof of concept, in the internal messaging system; the vulnerability was related to Darwin notifications.
A Darwin notification is a low-level interprocess communication mechanism within iOS and doesn’t require any special privileges to send or receive. It also doesn’t verify the sender, and is available as a public API.
That means that any process or app on iOS could have sent a malicious notification, of the kind used for basic updates or status changes, and remotely bricked the device. Rambo tells CyberNews that the Darwin notifications interfere with system operations because of the way that certain components on the phone respond to them, which is how they’re able to disrupt normal device functionality.
Rambo first disclosed the issue to Apple in June of last year, and demonstrated his proof of concept, named “EvilNotify”, by running an app that could cause an iOS device to display specific icons in the status bar. For example, he could cause a “liquid detection” warning, trigger a DisplayPort connection status in the Dynamic Island, or block the system-wide gestures for pulling down Control Center, Notification Center or the Lock Screen.
The EvilNotify app could also potentially cause other issues, such as ignoring a Wi-Fi connection in order to force the device to use a cellular connection, locking the screen, and triggering the device to enter “restore in progress” mode, among other commands.
It is this “restore in progress” mode that Rambo says is most devastating, as there is no way out of it other than by restarting, which would cause the device to reboot, and it only takes a single line of code in the app to cause this type of crash. These notifications worked even when the app was not running in the foreground, meaning the device would repeatedly reboot.
Rambo also crafted a widget extension he dubbed “VeryEvilNotify” that would soft-brick a device, requiring the user to erase it and restore from backup. He adds that even if the device was restored, he suspects the bug would continue to be triggered again and again, making it effective as a denial of service.
Apple has acknowledged the issue and awarded Rambo a bug bounty of $17,500. It has also issued a fix for the bug in security updates, which Rambo has confirmed, noting that with the release of iOS 18.3 all issues demonstrated in his proof of concept had been addressed.
If you haven’t updated your iPhone to iOS 18.3, you should do so immediately to patch this and other bugs fixed by Apple in its latest release.