Earlier this year, Apple patched an iOS vulnerability that could have allowed hackers to remotely access nearby iPhones and gain control of the entire device.
Devised by Ian Beer, a researcher at Project Zero, Google’s vulnerability research team, the exploit used a vulnerability in Apple Wireless Direct Link (AWDL), Apple’s proprietary mesh networking protocol that enables things like AirDrop and Sidecar to work.
Beer revealed the stunning exploit on Tuesday in a 30,000-word blog post, which shows in detail how a memory corruption bug in AWDL could give attackers remote access to a user’s personal data, including emails, photos, messages, and passwords and crypto keys stored in the keychain.
The vulnerability was discovered by Beer in a 2018 iOS beta that Apple accidentally shipped without stripping function name symbols from the kernelcache, offering a wealth of missing context about how bits of code fit together.
After lengthy investigative work,