Apple fixes cookie security hole with iOS 9.2.1, forgets the battery percent issue

The security hole was around for about 3 years until finally Apple patched it. According to  Adi Sharabani and Yair Amit, from security company Skycure , that’s how long it took Apple to do something about it. They reported their findings back in June 3, 2013 and only disclosed information about the vulnerability, after Apple fixed it. According to their blog post here is how an attacker would have gained access to your device :

•Steal users’ (HTTP) cookies associated with a site of the attacker’s choice. By doing so, the attacker can then impersonate the victim’s identity on the chosen site.
•Perform a session fixation attack, logging the user into an account controlled by the attacker–because of the shared Cookie Store, when the victims browse to the affected website via Mobile Safari, they will be logged into the attacker’s account instead of their own.
•Perform a cache-poisoning attack on a website of the attacker’s choice (by returning an HTTP response with caching headers). This way, the attacker’s malicious JavaScript would be executed every time the victim connects to that website in the future via Mobile Safari.

On the other hand Apple failed to fix the battery percentage issue I mentioned earlier. You still have to use the workaround. For a full list of security bugs and fixes, make sure you check out the Apple Support page about iOS 9.2.1.


Leave a Reply

Your email address will not be published. Required fields are marked *