A new security vulnerability dubbed the “No iOS Zone” has been discovered by mobile threat defense provider Skycure that renders iOS 8 useless when users are in the range of malicious wireless hotspot. Another Wifi bug which was thought to be fixed by the 8.3 update, returned to the Apple devices.
The security flaw sends a malicious secure sockets layer (SSL) certificates, to crash apps and the mobile operating system itself. The iOS devices are put in a continuous reboot cycle.CEO of Skycure Adi Sharabani, and Yair Amit, the company’s CTO explained the vulnerability at the RSA conference in San Francisco on Thursday. Sharabani stated that any individual can create a WiFi hotspot that forces users to connect, and the manipulated traffic is used to crash the apps and operating system.
“Attackers can regenerate a bug and cause apps that perform SSL communication to crash at will,” said Sharabani.
SSL certificates are widely used in apps for their security, in turn making the apps vulnerable. Israel-based Skycure mentioned that any delay in patching the vulnerability is likely to impact businesses. The company has reported the vulnerability to Apple, and is working together to solve the problem. Several precautionary measures were explained to users, for preventing the attack like disconnecting from a suspicious Wifi network. In case of a WiFi network with bad signal, and crashing of apps, users are advised o disconnect from the network. Users are advised to update the device to the latest iOS 8.3.
The WiFi bug, which returned to iOS 8 devices, this month has frustrated Apple users. The bug cuts off the user from a WiFi network, and has not been fixed by the iOS 8.3 update. Though Apple claimed to have fixed the bug, users started to face the same problems. Apple is likely to release a small update to fix the issues, with the security flaw being a priority.[ Source ]