A security researcher / hacker is claiming to have found a significant remote code execution exploit on iPhone and iPad devices running software up to iOS 15. Supposedly, a malicious actor could use the exploit to remotely wipe a nearby iPhone, without the owner of the device doing anything.
The exploit is hands-off from the perspective of the user, such that they even suggest that riding a bike through a city surreptitiously wiping iPhones is a legitimate possibility. Based on the screenshot of the email with Apple security, the issue has been addressed in iOS 15.1.
iOS devices running iOS 15.0.2 and earlier are supposedly vulnerable. iOS 15.1 closes the hole but is currently only available for developers and public beta testers.
The remote code exploit may also have other implications other than a device wipe, depending on how the attack vector in the iOS Bluetooth stack can be abused.
The reply from Apple security suggests that iOS 15.1 will launch in the week after next. Apple has asked that details of the exploit are kept private until the patch has been made available to customers.The hacker plans to release a full proof-of-concept demonstration then.
FTC: We use income earning auto affiliate links. More.