Several points from this research:

1. Keep everything up to date.
2. The ‘layer-cake’ of open source components used in just about every application means that even if you trust the developer, you can’t trust the app.
3. If you’re a developer, make sure you implement trust boundaries in a way that ‘trusted input’ really can be trusted.

Time to build a threat model for your app stack?…:
[…] At DEF CON last week, Check Point researchers demonstrated two real-life scenarios involving their technique. In the first scenario, the researchers deliberately infected their device with a password-stealing malware and then showed how they could execute code on the malware author’s command and control servers to take over the crooks’ systems.
The second demo focused on the iPhone iOS. By replacing a certain database on the device, the researchers were able to both gain administrative privileges and create a persistent backdoor capable of surviving across reboots. “These two capabilities bypass Apple’s hard work on their sandbox and secure boot mitigations,” Gull said.
Apple earlier this year issued patches against the vulnerabilities exploited (CVE-2019-8600, CVE-2019-8598, CVE-2019-8602, and CVE-2019-8577) in the SQLite attack that the Check Point researchers demonstrated last week.
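Point 3 above (trust boundaries around ‘trusted input’) and the database-replacement scenario in the excerpt come down to the same rule: a database file that crosses a trust boundary is input, not infrastructure. The Python below is an added example written for this post, not code from Check Point or from the quoted article; it assumes only the standard `sqlite3` module, and the `inspect_sqlite_file` helper, the fixture names and the sample files it builds are constructed for the demonstration.

```python
"""Treat a SQLite database file of unknown origin as untrusted input."""
import os
import pathlib
import sqlite3
import tempfile

SQLITE_MAGIC = b"SQLite format 3\x00"  # first 16 bytes of every SQLite 3 file


def inspect_sqlite_file(path: str) -> dict:
    """Return {'ok': bool, 'reason': str} for a database file of unknown origin.

    Two layers: a header check done without the SQLite engine at all, then a
    read-only open plus PRAGMA quick_check so the engine validates the b-tree
    structure before any application query runs against the file.
    """
    try:
        with open(path, "rb") as fh:
            header = fh.read(100)  # the fixed 100-byte file header
    except OSError as exc:
        return {"ok": False, "reason": f"unreadable: {exc}"}
    if len(header) < 100 or not header.startswith(SQLITE_MAGIC):
        return {"ok": False, "reason": "bad header magic"}

    # Bytes 16-17 hold the page size (big-endian); it must be a power of two
    # from 512 to 32768, or the value 1, which stands for 65536.
    page_size = int.from_bytes(header[16:18], "big")
    if page_size == 1:
        page_size = 65536
    if not (512 <= page_size <= 65536) or page_size & (page_size - 1):
        return {"ok": False, "reason": f"implausible page size {page_size}"}

    # mode=ro via a URI: this process cannot grow or rewrite a hostile file.
    uri = pathlib.Path(os.path.abspath(path)).as_uri() + "?mode=ro"
    try:
        conn = sqlite3.connect(uri, uri=True)
        try:
            rows = conn.execute("PRAGMA quick_check").fetchall()
        finally:
            conn.close()
    except sqlite3.DatabaseError as exc:
        return {"ok": False, "reason": f"engine rejected file: {exc}"}
    if rows != [("ok",)]:
        return {"ok": False,
                "reason": "quick_check: " + "; ".join(str(r[0]) for r in rows)}
    return {"ok": True, "reason": "header and quick_check passed"}


def make_fixtures(directory: str) -> dict:
    """Constructed sample files for the demo (not real-world artefacts)."""
    good = os.path.join(directory, "good.db")
    conn = sqlite3.connect(good)
    conn.execute("CREATE TABLE notes(id INTEGER PRIMARY KEY, body TEXT)")
    conn.execute("INSERT INTO notes(body) VALUES ('hello')")
    conn.commit()
    conn.close()

    not_sqlite = os.path.join(directory, "not_sqlite.db")
    with open(not_sqlite, "wb") as fh:
        fh.write(b"\x00" * 4096)  # no magic string at all

    with open(good, "rb") as fh:
        image = bytearray(fh.read())

    bad_page = os.path.join(directory, "bad_page_size.db")
    tampered = bytearray(image)
    tampered[16:18] = (3).to_bytes(2, "big")  # page size 3: not a power of two
    with open(bad_page, "wb") as fh:
        fh.write(tampered)

    corrupt = os.path.join(directory, "corrupt_btree.db")
    tampered = bytearray(image)
    tampered[100:] = b"\xff" * (len(image) - 100)  # header intact, pages trashed
    with open(corrupt, "wb") as fh:
        fh.write(tampered)

    return {"good": good, "not_sqlite": not_sqlite,
            "bad_page_size": bad_page, "corrupt_btree": corrupt,
            "missing": os.path.join(directory, "missing.db")}


def run_demo() -> dict:
    """Build the fixtures in a temporary directory and inspect each one."""
    with tempfile.TemporaryDirectory() as d:
        return {name: inspect_sqlite_file(p) for name, p in make_fixtures(d).items()}


if __name__ == "__main__":
    for name, verdict in run_demo().items():
        print(f"{name:14} ok={verdict['ok']!s:5} {verdict['reason']}")
```

The header check runs before the engine touches the file, which is the cheap part of the boundary; `PRAGMA quick_check` still drives the engine's own parser over the file, so it narrows rather than removes the exposure to engine bugs such as the ones the excerpt says Apple patched. The structural control is to keep externally supplied database files out of privileged processes; a check like this is what runs at the boundary when they must be accepted.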