“Adi Sharabani and I have identified another iOS security issue (CVE-2016-1730), which was just officially fixed by Apple as part of iOS 9.2.1,” Yair Amit writes for Skycure. “This latest iOS vulnerability is added to past Skycure research that has significantly contributed to improving the security and mobile threat defense of iOS users, including HTTP Request Hijacking, Malicious Profiles, Invisible Profiles and No iOS Zone.”
“The new vulnerability identified by Skycure involves the way iOS handles Cookie Stores when dealing with Captive Portals,” Amit writes. “When iOS users connect to a captive-enabled network (commonly used in most of the free and paid Wi-Fi networks at hotels, airports, cafes, etc.), a window is shown automatically on users’ screens, allowing them to use an embedded browser to log in to the network via an HTTP interface. As part of Skycure’s continuous research on network-based attacks against mobile devices, we found that the embedded browser used for Captive Portals creates a vulnerability by sharing its cookie store with Safari, the native browser of iOS.”
“We reported this issue to Apple on June 3, 2013,” Amit writes. “This is the longest it has taken Apple to fix a security issue reported by us. It is important to note that the fix was more complicated than one would imagine. However, as always, Apple was very receptive and responsive to ensure the security of iOS users. Starting with iOS 9.2.1, iOS employs an isolated Cookie Store for all Captive Portals. As with almost any update for iOS, we recommend users and organizations upgrade to the latest iOS version promptly.”
Full article here.
MacDailyNews Take: If you haven’t already, update your iPhone, iPad, and/or iPod touch devices to iOS 9.2.1 ASAP.
Dan Goodin @Ars Technica added:
There are no reports of exploits in the wild.
http://arstechnica.com/security/2016/01/ios-cookie-theft-bug-allowed-hackers-to-impersonate-users/
I continue to be concerned at how slowly Apple is repairing reported security holes, despite the report that “the fix was more complicated than one would imagine.” That’s 2.5 years to fix this vulnerability. Why?
Probably took that long for the NSA to infiltrate Apple to add the “fix”. Just look at the career positions the NSA and CIA have been posting over the last 2 years.
Do you think I’m kidding? apple, watch your back(door).
Sure it does
ok
I wish they’d add a captive portal to past-gen AppleTVs through a software update. Getting my 3rd-gen ATV on hotel wifi is seriously convoluted.
Once updated, you will ONLY be able to use Apple chargers. no others that are currently working will work AFTER you’ve updated to 9.2.1. I hesitate to download the update until I stock up on “apple” chargers.
Have had no problem with a non Apple charger.