Writing for Forbes, Gordon Kelly warns a major security flaw has been discovered in Apple’s iOS operating system:
Picked up by AppleInsider, security firm Check Point has revealed it has found a way to hack every iPhone and iPad running iOS 8 right up to betas of iOS 13. This spread covers eight years of devices (iOS 8 supports the 2011 iPhone 4S) and, with Tim Cook stating there are 1.4BN active iOS devices around the world, this is worrying news for the owners of pretty much all of them.
What Check Point discovered is that the Contacts app built into iOS can be exploited using the industry-standard SQLite database so that any search of Contacts can trick the device into running malicious code capable of stealing user data and passwords.
“SQLite is the most wide-spread database engine in the world,” said Check Point. “It is available in every operating system, desktop and mobile phone. Windows 10, macOS, iOS, Chrome, Safari, Firefox and Android are popular users of SQLite.”
But the real shocker is why the Contacts app vulnerability exists in the first place: it capitalises on a known bug which Apple has failed to fix for four years.
Yes, it’s a lazy oversight with potentially serious consequences. For now, the saving grace is hackers need access to your unlocked iPhone or iPad to exploit it but this may change. After all, just last month six flaws were found in iMessage which allowed hackers to read your files from anywhere and one of them remains unpatched to this day.