From The Depths Of Counterfeit Smartphones — security look at the counterfeit phones. Spoiler: they’re nasty, stay away. Both the Galaxy S10 and iPhone 6 counterfeits we assessed contained malware and rootkits. And that’s the most straightforward nastiness: even if you removed the rootkit they’d still be shocking. In the case of the “iPhone,” further digging revealed that it runs a far older version of Android: Kitkat 4.4.0. Kitkat’s last update came in 2014.
Fully Remote Attack Surface of the iPhone (Google Project Zero) — very interesting read, showing the detail and dead ends of a security tester. The method […] processes incoming MIME messages, and sends them to specific decoders based on the MIME type. Unfortunately, the implementation did this by appending the MIME type string from an incoming message to the string ‘decode’ and calling the resulting method. This meant that an unintended selector could be called, leading to memory corruption.