Apple iPhone models are not as secure as the company claims they seem to be. Researchers have discovered that contacts saved on iPhones are helpless against an SQLite hack assault. The assault could taint the device with malware, as indicated by security firm Check Point.
SQLite – the most popular database engine on the world – is accessible in each operating system (OS), desktop and cell phone. Windows 10, macOS, iOS, Chrome, Safari, Firefox, and Android are well-known users of SQLite.
Security firm Check Point has shown a technique being used to manipulate Apple’s iOS Contacts app
Security firm Check Point has shown a technique being used to manipulate Apple’s iOS Contacts app.while searching the Contacts app under these conditions triggers the device to run malicious codes, Apple Insider reported.
The bug has been recognized in the business standard SQLite database. The company’s hack exploiting SQLite database was shown at Def Con conference in Las Vegas.
The report detailed that the hack included supplanting one piece of Apple’s Contacts app. It additionally depended on a known bug that has supposedly not been fixed for a long time after it was first found.
The hack involves replacing one part of Apple’s Contacts app and exploiting a bug that has not been fixed for four years after it was first discovered
As indicated by the researchers, the bug was viewed as vulnerable just when a program permitted discretionary SQL from an untrusted source. The bug was viewed as irrelevant in light of the fact that it was accepted that it must be triggered by an obscure application getting to the database.
The closed nature of Apple’s iOS implies that there are no obscure apps in the system. Check Point researchers noticed, they figured out how to make a trusted app and send the code to trigger this bug and along these lines exploit it.
A particular segment of the Contacts app was supplanted by the researchers. They found that while apps and any executable code needs to experience Apple’s startup checks, a SQLite database is considered not executable.