A hack that let an attacker take full remote control of iPhones without user interaction is bad enough. One that can also then spread automatically from one iPhone to the next is practically unheard of. But a report published this week by Ian Beer of Google’s Project Zero bug-hunting team lays out a sinister yet elegant roadmap for how an attacker could have done just that before Apple released fixes in May.
Beer’s entire attack stems from a simple, well-known type of vulnerability—a memory corruption bug—in the iOS kernel, the privileged core of an operating system that can access and control pretty much everything. The genius of the attack, though, is that the bug was exploitable through an iPhone’s Wi-Fi features, meaning that an attacker just needed some antennas and adapters to launch the assault whenever they chose, compromising any nearby iOS device.