A new feature found in iPhone OS 3.0 has also created a new security liability, according to a security group member. The exploit is caused by the OS’ automatic opening of Safari when attempting to connect to a network. Remote-exploit.org co-founder Max Moser explains that when the iPhone joins a network, it tries to run a DNS query for apple.com, and open a simple HTML document stored on Apple’s website. If these two things happen without incident, it functions as normal, but in circumstances in which the DNS query is successful but it can’t retrieve the HTML file, it assumes there is a “captive portal”—a hotspot with a login/pay-to-use screen—and automatically opens Safari. When combined with the penetration testing software karmetasploit, this vulnerability could potentially be used to capture iPhone cookies, account information, and possibly more, depending on what other vulnerabilities are found. While this would require a malicious Wi-Fi network to be setup, which might also pose a threat to other devices, the iPhone’s new automatic connect sequence leaves it more vulnerable than most. [via InformationWeek]
Latest News
- Complete Your Connected Home Setup with the NETGEAR 4-Stream WiFi 6 Router at $20 Off
- Hacking contest awards $300K to iPhone 13 remote jailbreak researchers
- India Apple ID Top-Up promo extends until October 31
- Apple Music app reportedly coming to Playstation 5
- Apple to cut iPhone production by 10 million units due to global chip crunch
- Apple announces new MacBook Pro with M1 Pro and M1 Max chips
- Take home the 2021 iPad Pro and enjoy $100 off
- Apple hires new lead for HomePod and Apple TV
- Fast charging on Apple Watch Series 7 requires 18w USB-C power adapter
- macOS Big Sur and Catalina Safari 15.1 beta released
- MacX Media Management All in 1 Bundle (Lifetime License) is 94% Off
- Treasure Cloud: 4TB Cloud Storage Subscriptions is 81% Off
- Upgrade to a Full-Fledged Gaming Monitor and Save $140 Today
- Eve Online now has Apple silicon support
- Apple joins Blender funding support
- Upcoming Apple TV+ series ‘Shrinking’ features Jason Segel
- iPhone 13 Official MagSafe leather case is now only $50
- Apple reveals AR Logo for ‘Unleashed’ October event
- Apple’s sideloading restriction makes it ‘Safer’ compared to android
- Apple Support App gains AppleCare+ express replacement
- The Essential iMobie for iOS Lifetime Plan Bundle is 80% Off
- Enjoy 4K HDR Streaming with the Apple TV 4K, Now Only $160
- ‘Hey Siri’ functionality arriving on Ecobee SmartThermostat via software update
- Apple fixes photos and find my bug in iOS 15.0.2 update
- Apple reveals new trailer for ‘The Shrink Next Door’