Many security exploits require at least some kind of interaction on your part, but that wasn’t true for an iPhone exploit earlier this year. As Ars Technica reports, Google Project Zero researcher Ian Beer has detailed an iOS 13 exploit that let someone remotely control a device over WiFi using a “zero-click” attack — that is, with no input required from the target.
The exploit took advantage of a buffer overflow bug in a driver for the in-house mesh networking protocol used for features like AirDrop. As that driver sits in the operating system’s kernel, which has extensive privileges, a successful hack could have dealt extensive damage. An intruder could have installed an “implant” that accessed sensitive info like cryptographic keys and photos, for instance.