resources reporting iPad vulnerability
Especially interesting because it is a FAILURE of the most basic QA principle, limit testing (and its corollary, "buffer limit testing"), many years after Apple achieved titan status.
https://www.vulnerability-lab.com/get_content.php?id=2018

Document Title:
===============
Apple iOS v10.1.1 - Access Permission via Buffer Overflow

References:
===========
https://www.vulnerability-lab.com/get_content.php?id=2018
Video: https://www.youtube.com/watch?v=yygvBJBFy4s
Reference: http://www.hemanthjoseph.com/2016/11/how-i-bypassed-apples-most-secure-find.html

Release Date:
=============
2016-12-01

Vulnerability Laboratory ID (VL-ID):
==================================
2018
~~~~~ ars technica ~~~~~
Apple’s Activation Lock feature, introduced in iOS 7 in 2013, deters thieves by associating your iPhone and iPad with your Apple ID. Even if a thief steals your device, puts it into Recovery Mode, and completely resets it, the phone or tablet won’t work without the original user’s Apple ID and password. This makes stolen iDevices less valuable since they become more difficult to resell, and it has significantly reduced iPhone theft in major cities.
The feature has been difficult to crack, but a new exploit disclosed by Vulnerability Lab security analyst Benjamin Kunz Mejri uses a buffer overflow exploit and some iPad-specific bugs to bypass Activation Lock in iOS 10.1.1.
How security flaws work: The buffer overflow | Ars Technica