Def Con 2019 and Hacking iOS Contacts


Another Apple hack shown off over the weekend at Def Con 2019 involves iOS Contacts and a SQLite vulnerability. But it’s not something we need to worry about. Emphasis mine:

Documented in a 4,000-word report seen by AppleInsider, the company’s hack involved replacing one part of Apple’s Contacts app and it also relied on a known bug that hasn’t been fixed four years after it was discovered…

They replaced a specific component of the Contacts app and found that while apps and any executable code has to have gone through Apple’s startup checks, an SQLite database is not executable.

Basically, it sounds like the bug is only available if you specifically remove a key component of Contacts.


2 Comments

  1. geoduck

    You, and most of the AI commenters, missed the most important part of the article:

    However, Check Point’s researchers then managed to make a trusted app send the code to trigger this bug and exploit it.

    They made a trusted app, one that could have appeared in the App Store, that carried the trigger and payload. Sure, they just crashed Contacts. But they could have copied the data and sent it to the mothership. Also this vulnerability is not just Contacts, it’s in any app that, like Contacts, uses the SQLite database. And there are a lot of them. This IS a big thing. But I suspect it will be patched immediately.
