Just one day after Apple released 11.1 to address the Krack Wi-Fi exploit and a long list of other vulnerabilities, iOS has been hacked again.
This time it’s several zero-day exploits discovered as part of Trend Micro’s Zero Day Initiative (ZDI) Pwn2Own hacking contest. ZDI has been scant on details of the exploits, but they have stated broadly what participants have been able to accomplish.
What makes a new Wi-Fi exploit particularly alarming is how fast it was discovered–it was just a few weeks ago that the Crack Wi-Fi exploit affecting almost all Wi-Fi capable devices came to light.
New iOS exploits aren’t limited to Wi-Fi
A research team from Tencent’s Keen Lab were responsible for uncovering the iOS Wi-Fi exploit and an iOS Safari exploit. A second participant, Richard Zhu ( who goes by fluorescence) managed to successfully exploit Safari on iOS as well.
According to the ZDI blog post cataloging the event, the iOS Wi-Fi exploit was accomplished by executing code “through a WiFi bug and escalat[ing] privileges to persist through a reboot.” The four exploits needed to accomplish the task earned Keen Lab $110,000. It’s also important to note that the device the team attacked was running iOS 11.1.
SEE: iOS and Android security: A timeline of the highlights and the lowlights (TechRepublic)
Keen Lab’s Safari exploit “uses 2 bugs, one in the browser and one in a system service, to exploit Safari,” while Richard Zhu “leveraged two bugs to exploit Safari and escape the sandbox – successfully running code of his choice.” The exploits earned them $45,000 and $25,000, respectively.
The year of using an iPhone dangerously
The last thing Apple needs is a revelation of more security holes in its mobile OS. It just patched Krack one day ago, had its secure enclave decrypted recently, has been sending unencrypted Exchange credentials for years, just faced another Wi-Fi attack in iOS 10 with Broadpwn, and was having keychain contents intercepted as plain text.
All that has been in the news since July 2017.
It simply hasn’t been a good security year for Apple, but that’s where Pwn2Own comes in: Representatives from Apple, Google, and Huawei are all present at the event to ask questions of the researchers and help their companies understand just what was discovered.
SEE: The Complete iOS 11 Developer Course (TechRepublic Academy)
ZDI said that it is giving companies 90 days to fix the exploits it discovered: “If a vendor is unresponsive or unable to provide a reasonable statement as to why the vulnerability is not fixed, the ZDI will publish a limited advisory including mitigation in an effort to enable the defensive community to protect users,” it said.
As always, keeping your devices up to date is an important part of preventing exploits, provided someone isn’t working to find a new one just as fast as Apple can close the old ones.
Spoiler: They are–at least it’s the good guys in this case.
The top three takeaways for TechRepublic readers:
- Researchers at a hacking competition were able to drop malicious code onto an iOS device running 11.1 over Wi-Fi. This occurred just one day after Apple patched iOS for the Krack Wi-Fi exploit.
- The team that exploited iOS Wi-Fi also managed to run an exploit through the iOS version of Safari. Another participant did so as well, enabling him to run “the code of his choice” on the affected device.
- The competition where these exploits were discovered, called Pwn2Own, is giving Apple 90 days to respond to the discoveries. After that it will release an advisory with mitigation steps so that the cybersecurity community can prevent the exploits’ use.
- Reducing the risks of BYOD in the enterprise (Free PDF) (TechRepublic)
- 5 data security and privacy tips for iOS (TechRepublic)
- Secure your iPhone and iPad: Change these iOS 11 privacy and security settings now (ZDNET)
- Apple iOS 11: The smart person’s guide (TechRepublic)
- Just one day after its release, iOS 11.1 hacked by security researchers (ZDNet)
- Mobile device computing policy (Tech Pro Research)