Google discovered iPhone WiFi exploit that required zero user interaction

Posted on Wednesday, December 02 2020 @ 11:26 CET by Thomas De Maesschalck
Google Project Zero security researcher Ian Beer discovered a stunning security vulnerability in the iOS operating system used by Apple's iPhone lineup. The security researcher discovered a memory corruption bug in the iOS kernel that allowed remote access to the entire phone. To make matters worse, the exploit not only worked over WiFi with zero user action required, but it was also wormable. Development of a proof-of-concept took him six months and required multiple zero-day exploits.

Ars Technica has more technical details over here and Beer has his 30,000-word writeup at the Project Zero blog.
“This is a fantastic piece of work,” Chris Evans, a semi-retired security researcher and executive and the founder of Project Zero, said in an interview. “It really is pretty serious. The fact you don’t have to really interact with your phone for this to be set off on you is really quite scary. This attack is just you’re walking along, the phone is in your pocket, and over Wi-Fi someone just worms in with some dodgy Wi-Fi packets.”


Beer developed several different exploits. The most advanced one installs an implant that has full access to the user's personal data, including emails, photos, messages, and passwords and crypto keys stored in the keychain. The attack uses a laptop, a Raspberry Pi, and some off-the-shelf Wi-Fi adapters. It takes about two minutes to install the prototype implant, but Beer said that with more work a better written exploit could deliver it in a “handful of seconds.” Exploits work only on devices that are within Wi-Fi range of the attacker.
Apple patched the vulnerability earlier this year. There's no evidence this was ever exploited in the wild.