From Newsgroup: comp.sys.mac.system
On Fri, 4 Dec 2020 19:02:52 -0500, JF Mezei wrote:
(the kernel, no matter how privileged it might be, has no privileges when talking to secure enclave)
Hi JF Mezei,
Regarding Ant's recent doublepost of my news-breaking thread (as always)
o An iOS zero-click radio proximity exploit odyssey, by Ant
<https://groups.google.com/g/misc.phone.mobile.iphone/c/gJYr-XnRsr8>
Adults will comprehend the significance of this direct quote:
"AWDL can be remotely enabled on a locked device using the same attack,
as long as it's been unlocked at least once after the phone is powered
on. The vulnerability is also wormable; a device which has been
successfully exploited could then itself be used to exploit further
devices it comes into contact with."
You're not an apologist, so your question is the first adult post to Ant's thread, where the apologistic morons who posted each proved instantly that
they can't even comprehend the news articles at an adult level.
I trust you comprehend the adult content in this quote from the blog:
"As things stand now in November 2020, I believe it's still quite possible
for a motivated attacker with just one vulnerability to build a
sufficiently powerful weird machine to completely, remotely compromise
top-of-the-range iPhones."
Given Google proved iOS has never been sufficiently tested (since at least
iOS 4), it shouldn't even be hard for a well-funded player to pwn iOS.
A VICE article from 2018 gives a good overview of Azimuth vulnerabilities:
o Inside the secretive industry that helps government hackers get around encryption.
<https://www.vice.com/en/article/8xdayg/iphone-zero-days-inside-azimuth-security>
Keep in mind it was a _single_ bug that allowed full & complete access!
"a single buffer overflow programming error in C++ code in the kernel
parsing untrusted data"
The Google researcher exploited Apple's own snafus and fuckups, in fact, because in 2018, Apple published (by accident, the morons) an iOS beta
without stripping out the function name symbols.
o <https://twitter.com/s1guza/status/1093424833088622592>
Hence, the researcher (and all hackers on the planet) knew about this:
o IO80211AWDLPeer::parseAwdlSyncTreeTLV
The bored engineer surmised this related to the Wi-Fi Apple Wireless Direct Link which is most likely used by AirDrop amongst other things.
Then, this bored engineer looked at the error message string:
o "Peer %02X:%02X:%02X:%02X:%02X:%02X: PATH LENGTH error hc %u calc %u\n"
Please notice the "LENGTH" error!!!!!!!!!!
o Then note, it didn't work (the checks weren't even written, it seems!).
Literally, the Google coder said "bugs this shallow tend to not work out"
And then, when he was shocked to find out that they did, he exclaimed:
o "Can it really be this easy?"
Since you're not an apologist, JF Mezei, you won't simply deny out of hand
all facts you simply don't like about Apple's lack of iOS testing, nor will
you blame Google for Apple's bugs, nor, we hope, as a final defense to
facts, resort to the typical Type III apologists' ad hominem attacks
against anyone bearing facts about Apple products they simply don't like.
The bored engineer patiently explained why the apologists missed the point:
"As things currently stand, there are probably just too many good
vulnerabilities for any of these mitigations to pose much of a challenge
to a motivated attacker. And, of course, mitigations only present in
future hardware don't benefit the billions of devices already shipped
and currently in use."
BTW, what do you think the bored Google engineer suggested Apple do?
1. Clean up its iOS _core_ code which he said dates to 1985!
2. Invest in modern best practices (Apple is all marketing & low R&D)!
3. Actually _test_ the code for God's sake, instead of just "fuzzing"!
If there are _any_ adults on this newsgroup, those three recommendations
are clearly stated at the bottom of the guy's 30K word blog as his recommendation to Apple to invest at least _something_ in iOS testing!
<https://googleprojectzero.blogspot.com/2020/12/an-ios-zero-click-radio-proximity.html>
All quotes are verbatim from referenced articles in this canonical thread:
o Yet again (it never ends) hackers exploit untested iOS insecurities
<https://groups.google.com/g/misc.phone.mobile.iphone/c/7Mc1sX9XISA>
--
The shocking thing is not that it was so easy, but that more clearly exist.
--- Synchronet 3.18b-Win32 NewsLink 1.113
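As an added example that is not part of this post, nor Apple's or Google's code: a C parser for a hypothetical sync-tree TLV, showing the three checks an untrusted length field needs, including the hop-count-versus-computed-length comparison behind the "PATH LENGTH error hc %u calc %u" string the post quotes. The TLV layout, the PATH_MAX_HOPS capacity and the sample bytes are constructed assumptions.

```c
#include <stdbool.h>
#include <stdint.h>
#include <string.h>
/* Constructed illustration, not Apple's code: a fixed-capacity kernel-side
 * structure that a TLV parser fills from untrusted over-the-air bytes. */
#define PATH_MAX_HOPS 16
struct peer_path { uint8_t hops; uint8_t mac[PATH_MAX_HOPS][6]; };

/* Hypothetical "sync tree" TLV: [type][len][hop_count][hop_count * 6-byte MACs].
 * Every field is attacker-controlled, so three independent checks are needed. */
static bool parse_sync_tree_tlv(const uint8_t *buf, size_t buflen, struct peer_path *out)
{
    if (buflen < 3) return false;
    uint8_t len = buf[1], hc = buf[2];
    /* 1. The declared length must fit inside the bytes actually received. */
    if ((size_t)len + 2 > buflen) return false;
    /* 2. The hop count must agree with the declared length (the "hc vs calc" check). */
    size_t calc = 1 + (size_t)hc * 6;
    if (calc != len) return false;
    /* 3. A self-consistent TLV can still exceed the destination's fixed capacity;
     *    without this check a long path overruns out->mac. */
    if (hc > PATH_MAX_HOPS) return false;
    out->hops = hc;
    memcpy(out->mac, buf + 3, (size_t)hc * 6);
    return true;
}
/* Constructed sample: well-formed 2-hop path (len = 1 + 2 * 6 = 13). */
static const uint8_t k_good_tlv[] = {0x14, 13, 2, 1,2,3,4,5,6, 7,8,9,10,11,12};
/* Constructed sample: len says 13 bytes but hop count 3 implies 19. */
static const uint8_t k_mismatch_tlv[] = {0x14, 13, 3, 1,2,3,4,5,6, 7,8,9,10,11,12};
static int good_sample_hops(void)
{
    struct peer_path p;
    return parse_sync_tree_tlv(k_good_tlv, sizeof k_good_tlv, &p) ? p.hops : -1;
}
static bool mismatch_sample_rejected(void)
{
    struct peer_path p;
    return !parse_sync_tree_tlv(k_mismatch_tlv, sizeof k_mismatch_tlv, &p);
}
/* Self-consistent TLV whose 40 hops exceed PATH_MAX_HOPS: only check 3 stops it. */
static bool oversized_sample_rejected(void)
{
    uint8_t big[3 + 40 * 6];
    struct peer_path p;
    memset(big, 0xAA, sizeof big);
    big[0] = 0x14; big[1] = 1 + 40 * 6; big[2] = 40;
    return !parse_sync_tree_tlv(big, sizeof big, &p);
}
```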