iOS Vulnerability Leads to Endless Reboots

This week, at the RSA conference, security researchers from the company Skycure discovered a new iOS vulnerability. The bug was found accidentally during network penetration testing. The security team had installed a router and connected a smartphone to it to track down the error.

After a thorough investigation, they found the actual problem to be a specific SSL certificate issue. This bug allows an attacker to crash applications or even put the smartphone into an infinite reboot loop. This is critical for iOS users, and both Apple and Skycure are working to fix the issue.

Skycure security researchers have released an exploit script as a PoC of this vulnerability, and it can be run remotely over the network to cause a massive DoS. The SSL protocol is used by most applications to encrypt content and mitigate man-in-the-middle attacks.

As this is still a zero-day and Apple has not yet released a patch, the security researchers decided not to publish the exploit and to keep it private.

According to Skycure: “Again, we’ve reported the issue to Apple per our responsible disclosure process. As the vulnerability has not been confirmed as fully fixed yet, we’ve decided to refrain from providing additional technical details, in order to make sure iOS users are not exposed to the exploit caused by this vulnerability.”

Demonstration by Skycure

Recommendations to mitigate the risk include updating iOS to the latest version, 8.3, and keeping all your applications up to date. Use only secure wireless networks with encryption, and if you experience a reboot or an application crash, turn off your Wi-Fi. It is also important to avoid public Wi-Fi.