1 comment

[ 5.8 ms ] story [ 16.2 ms ] thread
> Azimuth essentially found a vulnerability in a piece of software written by Mozilla, to gain access to the system. It subsequently chained two more exploits together to take over the phone’s processor, and run their own programs on it.

I was interested in this, so looked into the WaPo article they reference.[1]

>> [Dowd] had found one in open-source code from Mozilla that Apple used to permit accessories to be plugged into an iPhone’s lightning port, according to the person.

>> A month or two after the FBI unlocked the terrorist’s iPhone, Mozilla discovered the flaw in its software and patched it in a routine update. So did vendors that relied on the software, including Apple.

Does anyone here know what this bug was, and can point to a more complete explanation?

Edit: Just found this discussion here about this from a day or two ago: https://news.ycombinator.com/item?id=26806528

1: https://thenextweb.com/news/we-finally-know-how-the-fbi-unlo...