iOS 10 beta1 - Apps can steal your Photos without permission and Some Coprocessor FW's not signed

Discussion in 'iOS 10' started by perfect_, Jul 4, 2016.

  1. perfect_ macrumors member

    perfect_

    Joined:
    Feb 8, 2016
    #1
    "OGC557:

    We found some new vulnerabilities Apple system mechanism. Some coprocessor firmware protected and not signed, so we can through these vulnerabilities, configuration deformity code to control coprocessor. We are also there are no good methods of use can be achieved using the system level, such as escape.

    We also found a flaw Apple underlying data sharing mechanisms. If you take pictures with the Camera App, other Apps can actually access without your permission, app can extract the pictures you take in an instant from the memory, which is equivalent of directly stealing your photographs. This can cause serious privacy issues. We did a verification and found out that any app in the app store can achieve such function and also bypasses through AppStore validation.

    Of course, we finally showcased iOS 10 jailbreak."

    Source
     
  2. chestvrg macrumors 65816

    chestvrg

    Joined:
    Dec 13, 2010
    #2
    Wow this is a serious vulnerability definitely, maybe in beta2 they'll fix this.
     
  3. iphonedude2008 macrumors 65816

    iphonedude2008

    Joined:
    Nov 7, 2009
    Location:
    Irvine, CA
    #3
    This sounds like a much bigger issue than just stealing selfies or blurry sunset pictures. It seems like apps can bypass sandboxing on RAM and access other data, potentially stealing browsing data and credit cards. The jailbreaking part of me wants this to remain open, but this issue is too frightening to be left unpatched so I can install random tweaks :)
     

Share This Page