A new feature found in iPhone OS 3.0 has also created a new security liability, according to a security group member. The exploit is caused by the OS’ automatic opening of Safari when attempting to connect to a network. Remote-exploit.org co-founder Max Moser explains that when the iPhone joins a network, it tries to run a DNS query for apple.com, and open a simple HTML document stored on Apple’s website. If these two things happen without incident, it functions as normal, but in circumstances in which the DNS query is successful but it can’t retrieve the HTML file, it assumes there is a “captive portal”—a hotspot with a login/pay-to-use screen—and automatically opens Safari. When combined with the penetration testing software karmetasploit, this vulnerability could potentially be used to capture iPhone cookies, account information, and possibly more, depending on what other vulnerabilities are found. While this would require a malicious Wi-Fi network to be setup, which might also pose a threat to other devices, the iPhone’s new automatic connect sequence leaves it more vulnerable than most. [via InformationWeek]
Latest News
- Get These Massively Discounted Beats Solo3 Headphones Today
- Apple ‘Tech Talks’ venture for developers announced
- Rejected Apple Newton VideoPad prototype to go on auction
- Apple Distinguished School adds University of Kentucky to the list
- iPhone 13 MagSafe Battery Pack Gets Significant Discount
- Apple’s $19 Polishing Cloth Sells Out
- Lego Star Wars: Castaways to arrive on Apple Arcade
- Target intends to add Apple Shop-in-Shop ‘Experiences’ by December
- PhoneRescue for iOS lifetime plan is 70% off
- Set Up a Desk MagSafe Convenient Charger Dock at 20% Off
- Unreleased Beats Fit Pro Earbuds photos leaked in Beta iOS 15.1
- Touch ID ring and All-Black Theme revealed for keyboard on new MacBook Pro
- New MacBook Pros tout longer Battery life over predecessor
- Complete Your Connected Home Setup with the NETGEAR 4-Stream WiFi 6 Router at $20 Off
- Hacking contest awards $300K to iPhone 13 remote jailbreak researchers
- India Apple ID Top-Up promo extends until October 31
- Apple Music app reportedly coming to Playstation 5
- Apple to cut iPhone production by 10 million units due to global chip crunch
- Apple announces new MacBook Pro with M1 Pro and M1 Max chips
- Take home the 2021 iPad Pro and enjoy $100 off
- Apple hires new lead for HomePod and Apple TV
- Fast charging on Apple Watch Series 7 requires 18w USB-C power adapter
- macOS Big Sur and Catalina Safari 15.1 beta released
- MacX Media Management All in 1 Bundle (Lifetime License) is 94% Off
- Treasure Cloud: 4TB Cloud Storage Subscriptions is 81% Off