Apple’s stock firmware for its new iPhones and iPads has been cracked by a hacker who has used a custom version of a Windows backdoor to gain access to all three models.
The exploit, dubbed “Bashk”, allows hackers to access and control all three iPhones and can be used to perform the same type of attacks as the recent “Dark Web” attack on Apple’s servers that was first reported by MacRumors.
Affected versions of iOS 8.4.1, 8.5.1 and 8.6.2 have the “brute force” ability to bypass the Secure Enclave (SEMA) security mechanism, allowing a remote attacker to perform many of the same attacks as in the recent Dark Web attack on the servers.
Bashkit’s exploits are based on a specially crafted Windows program, which was previously published in the open source project SuperDuper, according to security researchers at Kaspersky Lab.
The “bruteforce” ability allows hackers with the right permissions to bypass SEMA, the researchers said.
The exploits were discovered in the latest batch of “BASHK” samples from the SuperDupe project, which were released by a group of researchers at the University of Waterloo on Thursday.
SuperDuplers were used by attackers to take control of the affected iPhones from users who had previously been able to remove or reset the firmware.
“BashK” is based on “Fiddler” from the Dark Web, the developers of which published an exploit for it on GitHub last year.
Super Duplers have been used in the past by Chinese hackers and North Korean hackers to take over systems, as well as by cybercriminals to gain information on targets.
BASHk is based on a custom Windows backdoor that exploits the “Fiddlers” exploit, according to the Super Duper team.
Fiddlers is a variant of a popular exploit called “Crypto” that was originally developed for the Linux kernel.
It allows attackers to exploit a Windows vulnerability by exploiting the Windows kernel, according to SuperDuple.
Bashiok’s code is written in C# and has been published on GitHub.
In the process of compiling it, he used a modified version of the “BASIC” shellcode, which is a Windows command line tool, according to Kaspersky.
Superduplers have been used to execute code on more than 200,000 infected iOS devices, according to a research paper released last week.
Kaspersky researchers also discovered that one of the Superduper exploits was based on the Superdoodle.
Superdoodles are used by many other hackers to bypass security protections on vulnerable devices.
Superduper is still being investigated and there are many ways to bypass Apple’s SEMA security mechanisms, including disabling or deactivating SEMA.
The researchers said they have not yet confirmed that Apple has fixed the flaws that allow the “fiddlers attack” to take place.
Apple did not immediately respond to a request for comment.