Zero-Day iOS Security Hole Causes iPhones and iPads to Crash Repeatedly
There is a new zero-day vulnerability in iOS 8 that will repeatedly crash your iDevice if exploited by a malicious wireless hotspot, reports The Register.
The bug was discovered by Adi Sharabani and Yair Amit of Skycure and publicly unveiled during the RSA 2015 conference today [PDF here]. It all goes back to the SSL bugs (heartbleed, etc.), so the pair have started playing around with it, taken a closer look, and were surprised to discover that Apple left a security hole in iOS 8.
“Anyone can take any router and create a Wi-Fi hotspot that forces you to connect to their network, and then manipulate the traffic to cause apps and the operating system to crash,” Sharabani told the RSA security conference in San Francisco today.
“There is nothing you can do about it other than physically running away from the attackers. This is not a denial-of-service where you can’t use your Wi-Fi – this is a denial-of-service so you can’t use your device even in offline mode.”
The bad news: the only way you can protect yourself is to make a run for it. The good news is that they have not seen anyone exploiting this security hole however, and are working closely with Apple on a fix.