One of the security threats lies in the Contacts app itself, where a simple search is all a hacker needs to run arbitrary code, which could lead to much greater issues in the long run.
Researchers have pointed to this threat as one of the most neglected areas on the company's part: the bug was overlooked and went unresolved for years.
The bug is not in Apple's code but in SQLite, one of the standard databases used in Android, iOS and many such mobile platforms and lite industries.
The bug was identified in 2015 and was reported against both Mac OS X and iOS. However, it was not resolved for iOS, since Apple didn't consider it viable enough: an unauthorized app accessing the iOS SQLite database was seemingly impossible, because iOS has no untrusted apps or unchecked policy.
In reality, however, other vulnerabilities and hacks can make a trusted app behave erratically, and according to the research by Check Point reported through AppleInsider, the case of Apple's Contacts app is no surprise.
The hackers modified the app to make it more susceptible to running code and commands, so that a simple search for contacts can crash the app and steal passwords or carry out harmful actions such as account takeover.
“Wait, what? How come a four-year-old bug has never been fixed?” write the researchers in their document. “This feature was only ever considered vulnerable in the context of a program that allows arbitrary SQL from an untrusted source and so it was mitigated accordingly. However, SQLite usage is so versatile that we can actually still trigger it in many scenarios.”
“In other words, the bug has been considered unimportant because it was believed it could only be triggered by an unknown application accessing the database, and in a closed system like iOS, there are no unknown apps. However, Check Point’s researchers then managed to make a trusted app send the code to trigger this bug and exploit it,” states the report.