Zero-Day iOS Security Hole Causes iPhones and iPads to Crash Repeatedly


Ios zero day bug

There is a new zero-day vulnerability in iOS 8 that will repeatedly crash your iDevice if exploited by a malicious wireless hotspot, reports The Register.

The bug was discovered by Adi Sharabani and Yair Amit of Skycure and publicly unveiled during the RSA 2015 conference today [PDF here]. It all goes back to the SSL bugs (heartbleed, etc.), so the pair have started playing around with it, taken a closer look, and were surprised to discover that Apple left a security hole in iOS 8.

“Anyone can take any router and create a Wi-Fi hotspot that forces you to connect to their network, and then manipulate the traffic to cause apps and the operating system to crash,” Sharabani told the RSA security conference in San Francisco today.

“There is nothing you can do about it other than physically running away from the attackers. This is not a denial-of-service where you can’t use your Wi-Fi – this is a denial-of-service so you can’t use your device even in offline mode.”

The bad news: the only way you can protect yourself is to make a run for it. The good news is that they have not seen anyone exploiting this security hole however, and are working closely with Apple on a fix.


  • Chrome262

    so if you have it set to only join known networks, you should be fine. And this is just sounds packet flooding

  • skydivertak

    Well, apparently, carrier-locked iPhones will automatically connect to carrier Wi-Fi, no matter what your setting (found this in another article). They tested this on AT&T. Need to find out if this happens with Rogers or other Canadian carriers, and if unlocking the iPhone will stop this behaviour.

  • ShaBi

    Try turning off your wi-fi if you don’t desperately need it.