IIHT Uganda.
High IT Education Institute.
Skycure, a mobile threat defense solutions, witnessed sudden crash of an iOS app while setting the router in a specific configuration and connecting the devices to it.
Elisha and Roy members of research team started to analyze the crashes
further, and identified the source of the problem. They found that by
generating a specially crafted SSL certificate, attackers can regenerate
a bug and cause apps that perform SSL communication to crash at will.
Then they created a script that exploits the bug over a network
interface.
Parsing SSL certificate vulnerability affects the underlying iOS
operating system, and with heavy use of devices exposed to the
vulnerability, the operating system crashes. Under certain conditions,
the devices can be put into a repeatable reboot cycle, rendering them
useless.
For most of the people iOS app crash is simply a quality issue. They just install a different firmware and move on.
But the victim’s device in an unusable state for as long as the attack
impacts a device. Even if victims understand that the attack comes from a
Wi-Fi network, they can’t disable the Wi-Fi interface in the repeated
restart state as shown in the video.
The issues have been reported to the Apple. To avoid this vulnerability exploit the users may take following steps.
1)Users should disconnect from the bad Wi-Fi network or change their
location in case they experience continuous crashing or rebooting.
2)The latest iOS 8.3 update might have fixed a few of the mentioned
threats–users are highly advised to upgrade to the latest version.
3)In general, users should avoid connecting to any suspicious “FREE” Wi-Fi network.
Posted by :
http://www.ehackingnews.com
No comments:
Post a Comment