Flaw In iOS 7 Lets Attackers Take Control Of Users iPhones

  /     /     /  
Publicated : 22/11/2024   Category : security


Flaw In iOS 7 Lets Attackers Take Control Of Users iPhones


SIRI vulnerability enables attackers to act on users behalf -- even when iPhone is locked



A security flaw in Apples iOS 7 operating system could enable unauthorized users to send messages or make social network postings on an iPhone owners behalf -- even when the phone is locked, researchers reported Friday.
The vulnerability, which was disclosed Friday by researchers at application security vendor Cenzic, enables an attacker or prankster to use the SIRI personal voice assistant to crack a locked iPhone and execute tasks that would normally require user permission, such as sending email or posting to Facebook.
In a
blog describing the iPhone flaw
, the Cenzic researchers said they were able to use a locked iPhone belonging to a third party to send email and texts, make calls, access contact information, and make updates to Facebook and Twitter, all with the users accounts and without the users knowledge.
Imagine someone stealing your iPhone and -- without knowing your passcode – sending messages, email, or social network postings to your friends and contacts, posing as you, the blog says.
The researchers posted a
YouTube video
demonstrating the ability to use SIRI on a third partys locked iPhone to make an update on the third partys Facebook page. They also reported the ability to collect and steal the personal information of contacts stored in the iPhone.
The flaw also works on some tasks under iOS 6, the researchers say. End users should take care not to let others use their iPhones, and may want to consider disabling SIRI until Apple fixes the problem, the blog states.
Have a comment on this story? Please click Add a Comment below. If youd like to contact
Dark Readings
editors directly,
send us a message
.

Last News

▸ ArcSight prepares for future at user conference post HP acquisition. ◂
Discovered: 07/01/2025
Category: security

▸ Samsung Epic 4G: First To Use Media Hub ◂
Discovered: 07/01/2025
Category: security

▸ Many third-party software fails security tests ◂
Discovered: 07/01/2025
Category: security


Cyber Security Categories
Google Dorks Database
Exploits Vulnerability
Exploit Shellcodes

CVE List
Tools/Apps
News/Aarticles

Phishing Database
Deepfake Detection
Trends/Statistics & Live Infos



Tags:
Flaw In iOS 7 Lets Attackers Take Control Of Users iPhones