Threat Watch

Wormable, Wireless iOS Exploit Granting Full iPhone, iPad Device Takeover Released

Recently, researchers from Google’s Project Zero team have released a detailed explanation for a wormable iOS exploit that leverages the Apple Wireless Direct Link (AWDL) along with BSS Steering to remotely takeover nearby iOS devices. AWDL is used by some of the common Apple local network communication functionality, including Air Drop. AWDL essentially sets up a distributed wireless mesh network for iOS devices, which allow for easy sharing. While AWDL can be disabled, the attack detailed in the Project Zero writeup will also remotely enable AWDL before running the exploit. This vulnerability was patched in May of 2020, and was instantly noticed by some exploit-focused companies, indicating that this vulnerability might not have been as unknown as previously thought.

ANALYST NOTES

Apple has patched the vulnerability discussed in this writeup in May of 2020, so Binary Defense recommends ensuring all iOS devices have received the iOS 13.5 update from May. For organizations that issue company-owned iPhones, evaluating options for a Mobile Device Management (MDM) solution can help ensure that devices are patched, and quickly remediate compromised lost or stolen devices.

https://googleprojectzero.blogspot.com/2020/12/an-ios-zero-click-radio-proximity.html