Slashdot Mirror

← Back to Stories (view on slashdot.org)

New iPhone Attack Kills Apps, Reroutes Web Traffic

Posted by kdawson on from the dead-cert dept.

Trailrunner7 sends in a threatpost.com article on exploiting flaws in the way the iPhone handles digital certificates. "[Several flaws] could lead to an attacker being able to create his own trusted certificate and entice users into downloading malicious files onto their iPhones. The result of the attack is that a remote hacker is able to change some settings on the iPhone and force all of the user's Web traffic to run through any server he chooses, and also to change the root certificate on the phone, enabling him to man-in-the-middle SSL traffic from that phone. ... Charlie Miller, an Apple security researcher at Independent Security Evaluators, said that the attack works, although it would not lead to remote code execution on the iPhone. 'It definitely works. I downloaded the file and ran it and it worked,' Miller said. 'The only thing is that it warns you that the file will change your phone, but it also says that the certificate is from Apple and it's been verified.'"

4 of 125 comments (clear)

  1. Re:Heh by interkin3tic · · Score: 0, Flamebait

    ::cue "see, Apple isn't perfect" comments::

    See? Apple isn't perfect!

    Now cue "It's not a bug / a missing feature / an intentionally and pointlessly broken function / restriction put there by business interests to get you to spend more money for shit you already own, it's a feature" in 3...2...1...

  2. Re:Heh by sopssa · · Score: 0, Flamebait

    But everyone on slashdot always tells that Linux and Mac OSX have no vulnerabilities, that it's only on Windows!

  3. Re:Heh by AHuxley · · Score: 0, Flamebait

    No in the wild easy to find virus for a Mac running OS X at this time.
    As for physical access of self install, have a look at
    http://www.iantivirus.com/threats/
    Nice long list but few are 'I was just surfing the net and ...."
    No chatter in forums, irc, slashdot ect.
    So someone must be keeping Mac hack sites very much as a needs to know or the spooks want people to trust Macs ;)

    --
    Domestic spying is now "Benign Information Gathering"
  4. Re:Heh by DigitalPioneer · · Score: 0, Flamebait

    Apple claims Mac is more secure, but that's an outright lie. Even Windows is more secure than Mac, it's just that no-one actually targets Macs because half their userbase is morons who don't have any money anyways. They spent it all on their Mac.