{"vulnerability": "CVE-2020-3843", "sightings": [{"uuid": "38273699-51f6-41b7-bd01-6b66f54773fb", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2020-3843", "type": "published-proof-of-concept", "source": "https://t.me/thesammymove/1228", "content": "How to steal photos off someone\u2019s iPhone from across the street\ud83d\udea8\n\nchannel: @thesammymove \n#thesammymoveNews\n#Apple\n\n\n-In a nutshell, the zero-click exploit uses a setup consisting of an iPhone 11 Pro, Raspberry Pi, and two different Wi-Fi adaptors to achieve arbitrary kernel memory read and write remotely, leveraging it to inject shellcode payloads into the kernel memory via a victim process, and escape the process' sandbox protections to get hold of user data.\n\n-Google Project Zero white-hat hacker Ian Beer on Tuesday disclosed details of a now-patched critical \"wormable\" iOS bug that could have made it possible for a remote attacker to gain complete control of any device in the vicinity over Wi-Fi.\n\n-The exploit makes it possible to \"view all the photos, read all the email, copy all the private messages and monitor everything which happens on [the device] in real-time,\"\u00a0said\u00a0Beer in a lengthy blog post detailing his six-month-long efforts into building a proof-of-concept single-handedly.\n\n-The\u00a0flaw\u00a0(tracked as\u00a0CVE-2020-3843) was addressed by Apple in a series of security updates pushed as part of\u00a0iOS 13.3.1,\u00a0macOS Catalina 10.15.3, and\u00a0watchOS 5.3.7\u00a0earlier this year.\n\n-\"A remote attacker may be able to cause unexpected system termination or corrupt kernel memory,\" the iPhone maker noted in its advisory, adding the \"memory corruption issue was addressed with improved input validation.\"\n\nWhat to do?\n\ud83d\udea8Tip 1.\u00a0Make sure you are up to date with security fixes, because the bug at the heart of Beer\u2019s attack chain was found 
and disclosed by him in the first place, so it\u2019s already been patched. Go to\u00a0Settings\u00a0>\u00a0General\u00a0>\u00a0Software Update.\n\n\ud83d\udea8Tip 2.\u00a0Turn off Bluetooth when you don\u2019t need it.\u00a0Beer\u2019s attack is a good reminder that \u201cless is more\u201d, because he needed Bluetooth in order to turn this into a true zero-click attack.\n\n\ud83d\udea8Tip 3.\u00a0Never assume that because a bug sounds \u201chard\u201d that it will never be exploited.\u00a0Beer admits that this one was hard \u2013 very hard \u2013 to exploit, but ultimately not impossible.\n\n\ud83d\udea8Tip 4.\u00a0If you are a programmer, be strict with data.\u00a0It\u2019s never a bad idea to do good error checking.\nFor all the coders out there:\u00a0expect the best, i.e. hope that everyone who calls your code has checked for errors at least once already;\u00a0but prepare for the worst, i.e. assume that they haven\u2019t.", "creation_timestamp": "2020-12-04T13:07:10.000000Z"}, {"uuid": "b8ec86ab-0083-4349-87b4-fb6285dce71e", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2020-3843", "type": "published-proof-of-concept", "source": "https://t.me/thesammymove/3503", "content": "How to steal photos off someone\u2019s iPhone from across the street\ud83d\udea8\n\nchannel: @thesammymove \n#thesammymoveNews\n#Apple\n\n\n-In a nutshell, the zero-click exploit uses a setup consisting of an iPhone 11 Pro, Raspberry Pi, and two different Wi-Fi adaptors to achieve arbitrary kernel memory read and write remotely, leveraging it to inject shellcode payloads into the kernel memory via a victim process, and escape the process' sandbox protections to get hold of user data.\n\n-Google Project Zero white-hat hacker Ian Beer on Tuesday disclosed details of a now-patched critical \"wormable\" iOS bug that could have made it possible for a remote attacker to gain complete control of 
any device in the vicinity over Wi-Fi.\n\n-The exploit makes it possible to \"view all the photos, read all the email, copy all the private messages and monitor everything which happens on [the device] in real-time,\"\u00a0said\u00a0Beer in a lengthy blog post detailing his six-month-long efforts into building a proof-of-concept single-handedly.\n\n-The\u00a0flaw\u00a0(tracked as\u00a0CVE-2020-3843) was addressed by Apple in a series of security updates pushed as part of\u00a0iOS 13.3.1,\u00a0macOS Catalina 10.15.3, and\u00a0watchOS 5.3.7\u00a0earlier this year.\n\n-\"A remote attacker may be able to cause unexpected system termination or corrupt kernel memory,\" the iPhone maker noted in its advisory, adding the \"memory corruption issue was addressed with improved input validation.\"\n\nWhat to do?\n\ud83d\udea8Tip 1.\u00a0Make sure you are up to date with security fixes, because the bug at the heart of Beer\u2019s attack chain was found and disclosed by him in the first place, so it\u2019s already been patched. Go to\u00a0Settings\u00a0>\u00a0General\u00a0>\u00a0Software Update.\n\n\ud83d\udea8Tip 2.\u00a0Turn off Bluetooth when you don\u2019t need it.\u00a0Beer\u2019s attack is a good reminder that \u201cless is more\u201d, because he needed Bluetooth in order to turn this into a true zero-click attack.\n\n\ud83d\udea8Tip 3.\u00a0Never assume that because a bug sounds \u201chard\u201d that it will never be exploited.\u00a0Beer admits that this one was hard \u2013 very hard \u2013 to exploit, but ultimately not impossible.\n\n\ud83d\udea8Tip 4.\u00a0If you are a programmer, be strict with data.\u00a0It\u2019s never a bad idea to do good error checking.\nFor all the coders out there:\u00a0expect the best, i.e. hope that everyone who calls your code has checked for errors at least once already;\u00a0but prepare for the worst, i.e. 
assume that they haven\u2019t.", "creation_timestamp": "2020-12-04T13:07:13.000000Z"}, {"uuid": "0990aa91-d513-4fea-a385-8a82776e7fb9", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2020-3843", "type": "published-proof-of-concept", "source": "https://t.me/CyberSecurityTechnologies/1324", "content": "#exploit\nCVE-2020-3843,\nCVE-2020-9844:\niOS/macOS suffered from a wifi proximity kernel double-free vulnerability in AWDL BSS Steering\nhttps://packetstormsecurity.com/files/158225/GS20200625212312.tgz", "creation_timestamp": "2024-10-29T19:16:49.000000Z"}]}