Newly discovered vulnerability affects all the iPhones

Home » Apple

Reading time icon 2 min. read

Calendar icon Published on

by Anmol Mehrotra 

published on

Share this article

Readers help support MSpoweruser. We may get a commission if you buy through our links. Tooltip Icon

Read our disclosure page to find out how can you help MSPoweruser sustain the editorial team Read more

Apple devices are usually safer than other devices in terms of overall security but that doesn’t mean they are perfect. This week at the Def Con hacking conference, Check Point revealed that they have found a vulnerability inside the Contacts app that affects all the iPhones. The surprising aspect is that Apple knew about it for at least 4 years but didn’t fix the bug.

The security firm noted that the app uses SQLite database engine which can be exploited easily to run malicious scripts. According to a report published by the security firm, researchers bypassed Apple’s trusted secure boot mechanism and gained administrative rights. Usually, when an iPhone is booted, iOS runs secure boot that forces all the executable files to be signed but SQLite is not signed which means anyone can sneak in a malicious code without triggering Apple’s secure boot.

Check Point also noted that the hacker would need physical access to an unlocked iPhone to alter the Contacts app’s code so as long as you’re not leaving you’re iPhone unattended or it has a password, you’re safe. That said, Check Point has already forwarded the details to Apple so the company can finally patch the bug.

Via LifeHacker

More about the topics: apple, apple iphone, security vulnerability

Anmol Mehrotra

Anmol Mehrotra Shield

Android and Windows News Reporter

Anmol covers Android and Windows news. He's a tech writer with over a decade of experience.

Leave a Reply

Your email address will not be published. Required fields are marked *