Published: Tue, August 13, 2019
IT | By Lester Massey

Apple Contacts App Vulnerable To Hacking, Putting iPhone Users At Risk

Apple Contacts App Vulnerable To Hacking, Putting iPhone Users At Risk

The hackers have also built-in persistence, which means that a restart won't rid the iPhone of the malware and thus evades Apple's Secure Boot feature. Security researchers at Chinese internet giant Tencent demonstrated at the annual Black Hat hacker convention in Las Vegas how they managed to trick Apple's Face ID technology in less than 120 seconds. Even so, there is no platform in the world which is 100% secure and the latest research from Check Point software shows that contacts saved on iPhones are vulnerable to hacking attacks that could infect the iPhones with malware.

Most probable only qualified security researchers will be able to get one of these devices.

SQLite is the most widely used database engine in the world. "Luckily for us, SQLite databases are not signed", the researchers were quoted as saying. As AppleInsider explains: "the bug has been considered unimportant because it was believed it could only be triggered by an unknown application accessing the database, and in a closed system like iOS, there are no unknown apps". One such hole would let an attacker "search" for something in the Contacts app to execute arbitrary code and researchers are pointing to Apple's oversight as the reason this bug has existed for four years.

But Check Point has proved that isn't the case, replacing a component in the Contacts app directly. And on iOS, no app is really untrusted. One of the bugs allowed hackers to gain access to your iPhone or iPad by sending you a text message.

This year alone has seen Apple exposed by a variety of flaws and vulnerabilities that could impact their users.

The company announced on Thursday, August 8, 2019 that it is launching a new bug bounty program that will pay anyone up to $1 million when they discover and report security flaws or "bugs" in its macOS, tvOS and iCloud platforms.

Apple is not in the first attempt of this kind, but previous campaigns had much smaller rewards, which did not exceed 200,000 for reporting the worst problems.

It's not just for iPhones either - Apple also announced a Mac bug bounty and is extending it to watchOS and its Apple TV operating system.

Like this: