A group of researchers Google Project Zero discovered a dangerous exploit for the mobile operating system Apple. It allows not only to access data on the device, but also to mount a virtual computer in its memory without the user's knowledge.
To exploit the vulnerability, it is enough to send a special PDF file disguised as GIF animation to the victim's smartphone via iMessage. It contains the JBIG2 stream, which is a binary image compression standard previously used in scanners and faxes. Using the technology for calculating the difference between graphically similar characters, hackers were able to implement the vulnerability in such a way as to gain access to read and write operations in any memory regions, taking into account the offset of the data addresses.
After the exploit is launched, a virtual computer is literally deployed on the device, searching for various data in the gadget's memory. Using this hacking method, attributed to the Israeli company NSO Group, a hacker can gain full access to the contents of an iOS gadget.
Google Project Zero experts informed Apple about the discovered iOS security issue back in the fall - and, according to the source, the company has fixed the vulnerability in iOS 14.8, released on September 13, 2021. The source does not specify whether older devices that did not receive this software version are affected by the exploit.
0 Comments:
Post a Comment
Your comment and facebook share will be appreciated