Explore the latest news and trends  

Sign up for our weekly security newsletter


Be the first to receive important updates on security





Send

Apple Took 2.5 Years to Repair a Security Error but this Time it is OK


Early this week, when Apple released iOS 9.2.1, it fixed many bugs and security errors and the company was aware of one of these since almost two and half years. Skycure, a security research company, informed Apple in 2013 about this issue. It related to the method iOS devices kept Web cookies, which were related to confined portals.

Attackers required to produce a public Wi-Fi network where they redirect victims to a website, which activates the browser embedded with iOS Captive Network.The embedded browser shares cookie store of Mobile Safari, which is required by the attackers so that they can load and execute their own mischievous content. This kind of WiFi networks are normally found at airports, shopping malls, public squares, hotels or government buildings.

Softpedia posted on 21st January, 2016, stating that the scenario is even more dangerous if you take into consideration that hackers can use WiFiGate attacks, and force all nearby iOS devices to automatically connect their network and successfully stealing cookies from any person who walks into the coverage of a malicious WiFi network.

Yair Amit of Skycure said: "This issue was reported by us to Apple on 3rd June, 2013. This is the longest time taken by Apple to fix a security issue reported by us. It is essential to keep in mind that the fix was more complex than one would envision. Nonetheless, as usual, Apple was very receptive and responsive to guarantee the iOS users security".

Security researcher of Skycure had no idea what Apple required to do for patching the flaw, but he was clear that it was not an insignificant fix. It could have involved a major overhauling of the cookies storage code, or maybe even kernel-level changes. If Apple had to write again part of the kernel, it is possible that changes were important enough which it took until iOS 9 was released before the fault could be addressed.

In the event of all these scenarios of attack, you would think that Apple would quickly fix this issue. Skycure says that the company officially launched iOS 7, and the issue would be fixed in iOS 9.2.1 on 18th January, 2016.

ยป SPAMfighter News - 1/29/2016

3 simple steps to update drivers on your Windows PCSlow PC? Optimize your Slow PC with SLOW-PCfighter!Email Cluttered with Spam? Free Spam Filter!

Dear Reader

We are happy to see you are reading our IT Security News.

We do believe, that the foundation for a good work environment starts with fast, secure and high performing computers. If you agree, then you should take a look at our Business Solutions to Spam Filter & Antivirus for even the latest version of Exchange Servers - your colleagues will appreciate it!

Go back to previous page
Next