This is just not Apple’s week. Days after Face ID was hacked and the battery practices were exposed, there is more bad news for the company.
The security firm Check Point has revealed that it has found a way to hack every iPad and iPhone running iOS 8 through the betas of iOS 13. We are talking about 8 years' worth of devices. Tim Cook stated that there are 1.4 billion active iOS devices around the world, and this is terrible news for all of them.
Check Point discovered that the iOS Contacts app could be exploited through the industry-standard SQLite database. This means that any search of Contacts can trick the device into running dangerous code capable of stealing data and passwords.
“SQLite is the most wide-spread database engine in the world,” said Check Point. They also said that it comes with every operating system, mobile phone, and desktop. The most popular users of SQLite are Windows 10, macOS, iOS, Chrome, Safari, Firefox, and Android.
Why was this app vulnerable?
However, the bigger question is why the Contacts app is so vulnerable. We are talking about a known bug that Apple did not fix for four years. Yes, you read that right: four years. The feature was considered vulnerable only in the context of a program that allows arbitrary SQL from an untrusted source. But SQLite's usage is so versatile that the bug can still be triggered in many ways.
Apple got sloppy. The bug was not taken seriously because the company believed that it could only be triggered by an unknown app that could get access to the database, and only in a closed system such as iOS. However, researchers managed to turn a trusted app, like Contacts, into the company's worst nightmare.
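For developers whose own programs accept "arbitrary SQL from an untrusted source", the sketch below shows one mitigation: a SQLite authorizer that permits only reads of an allow-listed table. It is an added example, not code from Check Point or Apple; the `contacts` and `secrets` tables, their rows and the function names are constructed for illustration.

```python
import sqlite3

# Assumed policy: untrusted SQL may only SELECT from these tables.
ALLOWED_TABLES = {"contacts"}  # hypothetical table name


def read_only_authorizer(action, arg1, arg2, db_name, source):
    """Called by SQLite while it compiles each statement."""
    if action == sqlite3.SQLITE_SELECT:
        return sqlite3.SQLITE_OK
    # For SQLITE_READ, arg1 is the table name and arg2 the column name.
    if action == sqlite3.SQLITE_READ and arg1 in ALLOWED_TABLES:
        return sqlite3.SQLITE_OK
    # Everything else (writes, DDL, ATTACH, PRAGMA, functions) is refused.
    return sqlite3.SQLITE_DENY


def open_contacts():
    """Build a constructed in-memory database, then lock it down."""
    conn = sqlite3.connect(":memory:")
    conn.execute("CREATE TABLE contacts (name TEXT, phone TEXT)")
    conn.execute("CREATE TABLE secrets (token TEXT)")
    conn.execute("INSERT INTO contacts VALUES ('Alice', '555-0100')")
    conn.execute("INSERT INTO secrets VALUES ('constructed-token')")
    conn.commit()
    # Install the policy only after the trusted setup has finished.
    conn.set_authorizer(read_only_authorizer)
    return conn


def run_untrusted(conn, sql):
    """Run SQL from an untrusted source; report whether it was allowed."""
    try:
        return ("ok", conn.execute(sql).fetchall())
    except sqlite3.Error as exc:
        return ("denied", str(exc))


if __name__ == "__main__":
    db = open_contacts()
    for stmt in ("SELECT name, phone FROM contacts",
                 "SELECT token FROM secrets",
                 "DROP TABLE contacts"):
        print(stmt, "->", run_untrusted(db, stmt))
```

The authorizer is consulted when a statement is compiled, so a refused statement never executes. This policy also refuses SQL functions, so a real deployment would allow-list the specific functions its queries need.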