Published: Tue, August 13, 2019
Electronics | By Kelly Massey

$1 Million From Apple For Reporting Critical Security Issues In Company Products

$1 Million From Apple For Reporting Critical Security Issues In Company Products

Picked up by AppleInsider, security firm Check Point has revealed it has found a way to hack every iPhone and iPad running iOS 8 right up to betas of iOS 13.

For those unaware, SQLite is the most widespread database engine in the world and is used for development across platforms no matter the OS, browser or the device.

What Check Point discovered is that the Contacts app built into iOS can be exploited using the industry-standard SQLite database so that any search of Contacts can trick the device into running malicious code capable of stealing user data and passwords. They exploited the SQLite vulnerability as well as a known bug for four years to manipulate the Apple Contacts app. More specifically, it targets its reliance on the SQLite database format that's used pretty much everywhere from Windows 10 and macOS to Safari, Firefox and Android.

Since the Contacts app is a "trusted source" on iOS, once the researchers replaced a specific component of the Contacts app, the malicious code could be activated and carry out the hacker's commands with iOS being none the wiser. "Luckily for us, SQLite databases are not signed", the researchers were quoted as saying.

This time, company officials go even further, providing reputable security experts with modified iPhone kits, with some of the iOS security systems already deactivated, in order to allow easier investigation of hard be tested under normal conditions of use.

Meteor Shower To Take Center Stage At Long Island Beaches
Experts say that viewing the shower in the days leading up to the peak may provide better viewing due to the slightly dimmer moon. When this happens, the number and intensity of shooting stars zipping across the night skies will skyrocket.

On a similar note, before the FaceTime error emerged earlier, a 14-year-old high schooler from Arizona tried to alert Apple of the problem.

The announcement was made by Ivan Krstić, Apple's head of security, at the most recent Black Hat conference in Las Vegas, American media website, CNET reported. But the recent revelations of serious bugs in iMessage and FaceTime emphasize that even Apple devices are vulnerable to hacking.

Actually, the tech behemoth aims to offer researchers fraction of its invite-only bug bounty project with handsets that are not as locked down as the user variant.

Project Zero, a section of Google's research team, found six vulnerabilities in iPhones past year.

Like this: