Researchers Leverage SSL Certificate Flaw To Launch DoS Attacks On iOS 8 Devices

It's been a mere day since we last talked about an SSL-related vulnerability in iOS, and we couldn't even make it beyond hump day before another popped-up. This one is quite interesting, though, and not to mention quite severe.

iPhone6 34FL 3 Color Spaced Homescreen PRINT

Researchers at Skycure have discovered that by generating a specifically-crafted SSL certificate, iOS will try to render it and go wonky. In simple cases, an app will crash, while in more aggressive situations, the entire phone will crash. Where it can get severe is if someone is exploiting this vulnerability hard, it could mean that an iPhone will get stuck in a reboot loop until it's outside the range of wherever this SSL certificate is being broadcast.

Skycure calls this "No iOS Zone", because if someone understands how the vulnerability can be exploited, they could build a tool that that basically renders all iPhones near to the broadcast useless. This is kind of like the TV-B-Gone of the smartphone world.

The research firm has contacted Apple with information on this flaw, but it hasn't been noted that a fix is en route quite yet. However, Skycure is deliberately keeping all of the important details mum for the time-being, as some serious ruckus could be caused if they got loose.

If you manage to experience this issue before it gets patched, your best course-of-action is to move far from your current location until you can regain access to the phone, and then disable Wi-Fi. Skycure notes that the latest iOS version may also include some important updates, so it'd recommend wasting no time in becoming up-to-date.


Via:  Skycure
Show comments blog comments powered by Disqus