Skycure
Latest
Researchers find another terrifying iOS flaw
It can't have escaped your attention that security experts have declared open season on Apple products over the last few weeks. At San Francisco's RSA conference, an even more terrifying exploit has been revealed that has the power to send your iPhone or iPad into a perpetual restart loop. Mobile security firm Skycure has discovered that iOS 8 has an innate vulnerability to SSL certificates that, when combined with another WiFi exploit, gives malicious types the ability to create "no iOS zones" that can render your smartphones and tablets unusable. Before you read on, grab a roll of tinfoil and start making a new case for your iPhone.
Vulnerability lets attackers hijack iOS apps' web requests over WiFi (video)
Be careful which WiFi hotspots you use -- Skycure has just revealed a web-based exploit that lets attackers hijack a iOS device on the same network through its mobile apps. The technique intercepts some apps' attempts to cache a web status message, redirecting the request to a hostile server; after that, an intruder can stealthily inject malware from any location. Thankfully, there are already some solutions at hand. Victims can uninstall apps to scrub their devices clean, and Skycure has released app code that prevents the web caching from taking place. It may be a while before iOS users can assume that their apps are safe, but we wouldn't expect the vulnerability to remain for long.
