In the meantime, I have contacted Apple and will update this article when/if I receive a response. When will this happen? Apple iOS 14.7 is currently in beta testing though I would be surprised if a fix (potentially iOS 14.6.1) is not released sooner. That’s why applying the fix as soon as it’s available will be important. As soon as you can force a device into behaving unexpectedly, you open up new vulnerabilities. But what is clear is that Apple would have been surprised by the WiFi flaw and will be hurrying a fix. Shulman’s firm focuses on airborne attack security, and so his claims should be viewed in that context. These three incidents are drawing a clear trend line of this new attack surface." Recent months have seen a slew of published digital airborne attacks - the AWDL attack, FragAttacks and this one. Given their stealthy nature we’re bound to see more such attacks. “Airborne attacks are new and an as-yet unaddressed threat vector. Now that researchers are starting to dig into Wi-Fi protocols, we should expect more such vulnerabilities, across all operating systems, to surface.”Īpple has yet to fix the current flaw and Sulman believes Apple and other tech giants are poised to enter a new game of Whack-a-mole as hackers eye up a rich seam of airborne attacks. network recognition) may still be vulnerable. “Though it has not yet been used beyond the realm of pranks, the new Apple format string vulnerability shows that even the most fundamental message exchange over the wireless medium (i.e. The broker Zerodium, for instance, will pay up to 500,000 for a security weakness that can be used to hack a user through Safari, and up to 2m for a fully developed piece of malware that. Moreover, Shulman notes that this is a problem which is set to grow both in terms of threat and targets: cases where very long URLs or hostnames that are used for phishing are displayed only partially in the address bar).” Shulman also points out that iPhone support for “multi line” SSIDs mean “an attacker could potentially create a network name whose first line is ‘legit’ and the next line contains the specially crafted format string.” The company made the announcement earlier this month. “Consider the case where there would be a way to hide the last part of a network name upon connection (e.g. Hackers broke into the systems of Electronic Arts, one of the world’s biggest video game publishers, and stole source code used in company games. While there is no proof this latest issue can be exploited for more than knocking an unsecured iPhone off comms, any vulnerability combined with others is dangerous. Shulman is also critical of industry reporting of the flaw, which focused on the current exploit needing an unusual WiFI SSID.
0 Comments
Leave a Reply. |
AuthorWrite something about yourself. No need to be fancy, just an overview. ArchivesCategories |