Security firm Check Point recently discovered a security flaw affecting all 1.4 billion Apple devices. Apple has yet to address this issue.
Apple devices are known for their security; however, they’re not impervious to hackers. Security firm Check Point recently found a flaw in iOS that could allow malicious users to steal user IDs and passwords. The good news is that the hacker would need physical access to your device to exploit the flaw.
The flaw exploits a known vulnerability in the SQLite database. This compact database engine is ubiquitous. It’s a fixture on virtually every operating system.
Apple is aware of this issue and patched it with the assumption that only untrusted apps could exploit the flaw. With Apple’s walled garden, there are no untrusted apps. They’re all distributed through the App Store.
The problem is that the SQLite vulnerability can be exploited by the Contacts app itself. Researchers at Check Point were able to use the Contacts app to inject code that could exploit the flaw.
The vulnerability affects all 1.4 billion iOS devices running iOS 8 up to and including the latest iOS 13 betas. Hackers need physical access to the device in order to exploit the flaw. With a successful attack, they can steal user IDs and passwords. Until this flaw is patched, it’s best not to leave your iOS device lying around the office or in public.
This latest security defect comes on the heels of Face ID being hacked at a security conference. As with the SQLite defect, the Face ID hack is difficult to execute. Nonetheless, it demonstrates that even the most secure systems can be compromised.
Apple will most likely fix the issue in an upcoming iOS release. If this issue concerns you, make sure to read the release notes for the next version of iOS. In the meantime, ensure that your device is physically secure at all times — a good practice regardless of this vulnerability.