‘No iOS Zone’ Threat Explained: Here’s How to Protect iOS 8 Devices
Skycure researchers have stumbled upon an iOS 8 vulnerability that potentially renders one's iDevice unstable -- or worse, totally useless.
Dubbed "No iOS Zone," the flaw is exploited by malicious wireless hotspots, The Register reported. When affected, nearby iPhones, iPads and iPods are said to crash and reboot repeatedly, seemingly resulting in a perpetual cycle that goes on until the device is ultimately dead.
The outlet took note of Adi Sharabani's remarks, Skycure's CEO and co-founder, who said, "Anyone can take any router and create a Wi-Fi hotspot that forces you to connect to their network, and then manipulate the traffic to cause apps and the operating system to crash."
The researchers have attributed the glitch to a bug that messes up iOS 8's handling of SSL certificates. The Guardian took note of these findings, which revealed, "As SSL is a security best practice and is utilized in almost all apps in the Apple app store, the attack surface is very wide."
"We knew that any delay in patching the vulnerability could lead to a serious business impact: an organized denial of service (DoS) attack can lead to big losses," the researchers went on.
As told by iTWire, Skycure has previously shown how attackers use Wi-Fi configurations included in "certain carrier settings bundles" to their favor. In this case, the connection is automatically set to a rogue access point.
Skycure is convinced that iOS app crashes may seem a quality issue to many, but it warns that such incidents could mean an actual threat.
According to Engadget, Skycure has already reported its findings to Apple. In the meantime, while the issue awaits resolution, iOS users are advised to abstain from free Wi-Fi networks, keep iOS updated and get out from "No iOS Zones" ASAP.
Skycure intended to keep details only on surface, explaining, "As the vulnerability has not been confirmed as fully fixed yet, we've decided to refrain from providing additional technical details, in order to make sure iOS users are not exposed to the exploit caused by this vulnerability."
Apple has released iOS 8.3 to the public just recently, following a series of beta tests. The update is available as an OTA or iTunes update, Ars Technica said, slated for the iPhone 4s, iPhone 5, iPhone 5s, iPhone 5c, iPhone 6, iPhone 6 Plus, all iPad models (except the first-generation) and the fifth-generation iPod Touch.
The update comes with improved performances and fixes for connectivity (Wi-Fi and Bluetooth), orientation and rotation, messaging, Family Sharing, CarPlay and accessibility, among others.