Tencent’s Keen Lab Exposes Malware Vulnerability In iPhone 7
The security team at Apple is surely busy from patching the scary KRACK vulnerabilities that exposed WiFi encryption earlier revealed in October 2017. Another hack that researchers have brought to the front is one that takes advantage of four bugs to run malware on iPhone 7. These are devices running the latest iOS 11.1, again via Wi-Fi.
This hack was shown to the world by Tencent’s Keen Lab, and the hack was a winner at the Mobile Pwn2Own hacking contest run by Trend Micro’s ZDI Initiative in Tokyo, where the researchers were given $110,000 for their successful exploits.
The Keen Lab also earned another $45,000 by using two bugs to exploit Apple’s Safari browser on an iPhone 7. Another $100,000 for an attack on the Huawei baseband processor in the Chinese manufacturer’s Mate9 Pro device.
Read: KRACK: Researcher Discovers Flaws In WPA2 Authentication
No specific information about the malware has been disclosed officially. While speaking to Forbes, spokesperson for the team said,
“The phone connects to a Wi-Fi network and a malicious app is installed. Sensitive information can be exfiltrated from the targeted device.”
Apple, however, has been informed about the vulnerability. They have 90 days to fix them or offer a valid reason for not addressing them, according to Trend. Otherwise Trend will be publishing its own limited advisory.
Read: New Internet of Things Botnet Threatening to Take Down the Internet
It is suggested that users should update to the latest operating system. Even if this won’t protect them from the weaknesses exposed at Pwn2Own. Apple, in the mean time, has patched a slew of weaknesses with iOS 11.1, which include 13 memory corruption bugs, most of which were uncovered by Google Project Zero staffer Ivan Fratric that could’ve allowed hackers to run malicious code on an iPhone.