Apple fixes a serious iOS vulnerability that lets hackers steal cookies from the device (CVE-2016-1730)

ID MYHACK58:62201671279
Type myhack58
Reporter Anonymous
Modified 2016-01-22T00:00:00


Apple recently fixed a serious iOS vulnerability that allows a hacker to masquerade as the end user by gaining read and write access to unencrypted web cookies. The vulnerability was repaired in iOS 9.2.1, released on Tuesday, three years after it was first reported to Apple. Known as the "Captive Portal" (forced landing page) vulnerability, it was discovered by Adi Sharabani and Yair Amit of the network security company Skycure, who reported it privately to Apple in June 2013.

How the vulnerability arises

The vulnerability stems from a problem in the way iOS stores cookies for Captive Portals, the login pages a user is forced to jump to for authentication when first connecting to a free, weakly secured public Wi-Fi hotspot. When a user of a vulnerable iOS product connects to such a network, the following screen appears; this usually happens in cafes, hotels and airports.

[Image: iOS vulnerability leads to cookie theft]

Once the user accepts, they can access the Internet normally. However, the embedded browser that displays the portal shares its unencrypted cookie store with the Safari browser. According to a blog post Skycure published on Wednesday, the vulnerability could allow a hacker to create a fake Captive Portal and associate it with a Wi-Fi network; once an iOS user connects, the hacker can steal the unencrypted cookies on the device.

Attacks a hacker can carry out

According to the researchers, the Captive Portal vulnerability lets hackers carry out:

- Impersonation attacks: the hacker steals the user's unencrypted (HTTP) cookies and then logs in to a website disguised as the victim.
- Session fixation attacks: the hacker gets the victim logged in to an account the hacker controls, because the cookie store is shared. When the victim browses an affected website in the mobile Safari browser, they are logged in to the hacker's account rather than their own.
- Cache poisoning attacks against a chosen site: the hacker returns an HTTP response with caching headers to the victim. The hacker can then run a malicious JavaScript script every time the victim connects to that site through the mobile Safari browser.

Patch your device

The vulnerability affects the iPhone 4S, the iPad 2 and later. It is repaired in iOS 9.2.1, after which Captive Portal cookies are stored separately, which prevents these attacks. Skycure says this is the vulnerability Apple has taken the longest to fix, but the patch was, after all, complex, and so far no signs of it being bypassed have been seen on the Internet. To protect yourself from such attacks, download iOS 9.2.1 from the Settings menu and update your system.
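The shared cookie store and the separate store introduced by the fix, as a simplified model. This is an added example, not code from the article, Skycure or Apple; the class names, the domain shop.example and all cookie values are constructed, and real cookie matching (paths, expiry, subdomains) is left out.

```python
from dataclasses import dataclass, field

@dataclass(frozen=True)
class Cookie:
    domain: str
    name: str
    value: str
    secure: bool = False  # Secure attribute: only sent over HTTPS

@dataclass
class CookieStore:
    cookies: dict = field(default_factory=dict)

    def set(self, cookie):
        self.cookies[(cookie.domain, cookie.name)] = cookie

    def sent_with(self, scheme, domain):
        """Cookies a client attaches to a request for scheme://domain/."""
        return {c.name: c.value for c in self.cookies.values()
                if c.domain == domain and (scheme == "https" or not c.secure)}

class Device:
    def __init__(self, isolate_portal):
        self.safari = CookieStore()
        # Fixed behaviour: the portal view gets its own store.
        # Vulnerable behaviour: it shares Safari's store.
        self.portal = CookieStore() if isolate_portal else self.safari

def join_hostile_hotspot(device, domain="shop.example"):
    # Earlier Safari login to the site (constructed values).
    device.safari.set(Cookie(domain, "session", "victim-session"))
    device.safari.set(Cookie(domain, "auth", "victim-auth", secure=True))
    # The portal view loads a plain-HTTP page for the domain on the hotspot:
    # whatever it attaches to that request is readable on the network.
    exposed = device.portal.sent_with("http", domain)
    # The forged response sets a cookie in the portal view's store.
    device.portal.set(Cookie(domain, "session", "attacker-session"))
    # What Safari later sends to the real site over HTTPS.
    return exposed, device.safari.sent_with("https", domain)

if __name__ == "__main__":
    for isolate in (False, True):
        exposed, later = join_hostile_hotspot(Device(isolate))
        print("isolated" if isolate else "shared", exposed, later)
```

With the shared store, the cookie without the Secure attribute is exposed and Safari later carries the planted session value; with the separate store neither happens. The Secure-flagged cookie stays off the plain-HTTP request in both cases.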