How a Single Line Of Code Could Brick Your iPhone
a year ago
- #Vulnerability
- #iOS
- #Security
- A vulnerability in iOS allows a single line of code to brick an iPhone by exploiting Darwin notifications.
- Darwin notifications are a low-level mechanism for message exchange between processes on Apple's operating systems, requiring no special privileges.
- The exploit involves sending a specific Darwin notification ('com.apple.MobileSync.BackupAgent.RestoreStarted') to trigger a 'Restore in Progress' mode, forcing a reboot.
- A proof-of-concept app, 'EvilNotify', demonstrated the exploit's capabilities, including locking the screen and simulating device restores.
- A more advanced version, 'VeryEvilNotify', used a widget extension to repeatedly trigger the exploit across reboots, effectively soft-bricking the device.
- Apple addressed the vulnerability in iOS 18.3 by requiring restricted entitlements to send sensitive Darwin notifications.
- The researcher received a $17,500 bug bounty for reporting the issue.
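
A defender-side check for the issue summarized above, as an added example that is not from the original write-up or from Apple: static triage of an app binary for the notification name the page cites, combined with whether the binary imports a posting API. The libnotify symbol names (`notify_post`, `notify_register_*` from `<notify.h>`), the verdict labels and the sample blobs are assumptions or constructed for this example.

```python
import re

# Name taken from the page; extend with other names you treat as sensitive.
WATCHLIST = {b"com.apple.MobileSync.BackupAgent.RestoreStarted"}

# libnotify (<notify.h>) entry points as they appear in a Mach-O symbol table.
POST_SYMBOLS = {b"_notify_post"}
OBSERVE_SYMBOLS = {b"_notify_register_check", b"_notify_register_dispatch"}

_PRINTABLE = re.compile(rb"[\x20-\x7e]{6,}")


def extract_strings(blob: bytes) -> set:
    """Return the printable ASCII runs (6+ bytes) embedded in a binary."""
    return {m.group(0) for m in _PRINTABLE.finditer(blob)}


def audit_binary(blob: bytes, watchlist=WATCHLIST) -> dict:
    """Classify a binary by watched notification names and libnotify imports."""
    strings = extract_strings(blob)
    names = sorted(w.decode() for w in watchlist if any(w in s for s in strings))
    posts = bool(strings & POST_SYMBOLS)
    observes = bool(strings & OBSERVE_SYMBOLS)
    if names and posts:
        verdict = "flag"      # carries the name and can post notifications
    elif names:
        verdict = "review"    # name present, but no posting API import seen
    else:
        verdict = "clean"
    return {"verdict": verdict, "names": names, "posts": posts, "observes": observes}


# Constructed sample blobs (not real app binaries): NUL-separated string tables.
NAME = b"com.apple.MobileSync.BackupAgent.RestoreStarted"
SAMPLE_POSTER = b"\xcf\xfa\xed\xfe\x00\x00_notify_post\x00" + NAME + b"\x00"
SAMPLE_OBSERVER = b"\xcf\xfa\xed\xfe\x00\x00_notify_register_dispatch\x00" + NAME + b"\x00"
SAMPLE_BENIGN = b"\xcf\xfa\xed\xfe\x00\x00_notify_post\x00com.example.app.refresh\x00"

if __name__ == "__main__":
    for label, blob in [("poster", SAMPLE_POSTER), ("observer", SAMPLE_OBSERVER),
                        ("benign", SAMPLE_BENIGN)]:
        print(label, audit_binary(blob))
```

A name assembled at runtime or an obfuscated binary will not match, so a "clean" verdict only lowers the priority for manual review.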