Apple is not having a good week. Shortly after the company’s aggressive battery practices were revealed and Face ID was hacked, something emerged that should concern every iPhone and iPad user.
Security company Check Point has discovered that there is a way to hack all iPhones and iPads, from those running iOS 8 to those running the beta version of iOS 13. As many as 1.4 billion devices might be affected.
What Check Point found is that the very popular SQLite database could be used to exploit the Contacts app integrated into iOS so that a simple search for a contact can fool someone’s iPhone or iPad into running hostile code capable of stealing passwords and other user data.
The crucial question now is why the Contacts app vulnerability exists in the first place. It capitalises on a known bug that Apple has failed to fix for four years. Apparently, the Cupertino-based firm made the mistake of regarding the issue as insignificant. Apple believed that the bug could only be triggered when an unknown app accesses the database – and in iOS, there are, of course, no unknown apps.
The Check Point team, however, used the trusted and seemingly innocuous old Contacts app to send the malicious code that triggered the bug. For now, most iPhone and iPad users are not at high risk: a hacker will first have to access your unlocked iPad or iPhone before running the code, but someone with ill intentions might well find a way around that very soon.
In July, six bugs were discovered in iMessage that enabled hackers to access your private data from anywhere – and one of them has not been patched yet.
Apple might soon fix this particular bug, but what about those that nobody has discovered yet?