ZeroDay Vulnerability Allows You To Crash Nearby iOS devices

Security experts Adi Sharabani and Yair Amit from Skycure have revealed a critical zero day vulnerability in iOS 8 that allows attackers to crash nearby iOS devices by exploiting it via a malicious WiFi hotspot.

The attack dubbed as "No iOS Zone" targets iOS users connected to a malicious WiFi network. Then the attacker manipulates the traffic (specially crafted SSL certificates) to cause apps and the operating system to crash.

Sharabani said, "There is nothing you can do about it other than physically running away from the attackers. This is not a denial-of-service where you can't use your Wi-Fi – this is a denial-of-service so you can't use your device even in offline mode."

"As the vulnerability has not been confirmed as fully fixed yet, we’ve decided to refrain from providing additional technical details, in order to make sure iOS users are not exposed to the exploit caused by this vulnerability."

Amit pointed out that the vulnerabilities like WiFi Gate can be combined with this vulnerability to form an easy "No iOS Zone".

How To Avoid  "No iOS Zone" Attacks

Skycure recommends the following:
  • Users should disconnect from the bad Wi-Fi network or change their location in case they experience continuous crashing or rebooting.
  • The latest iOS 8.3 update might have fixed a few of the mentioned threats–users are highly advised to upgrade to the latest version.
  • In general, users should avoid connecting to any suspicious “FREE” Wi-Fi network.

No comments

Powered by Blogger.