Apple fixed a critical iOS vulnerability where hackers could steal cookies from devices (CVE-2016-1730)
Apple recently fixed a serious vulnerability in iOS. It allows hackers to impersonate end users and gain read and write access to websites that use unencrypted cookies.
The fix arrived with iOS 9.2.1, released on Tuesday, three years after the vulnerability was first reported to Apple.
This vulnerability is called the "Captive Portal" (forced home page) vulnerability. It was first discovered by Adi Sharabani and Yair Amit of Skycure, a network security company, who reported it privately to Apple in June 2013.
How the vulnerability arises
The vulnerability lies in how iOS stores cookies when it handles captive portals. A captive portal is the login page that users are forcibly redirected to for authentication when they first connect to a free, and possibly vulnerable, public Wi-Fi hotspot.
Therefore, when a user of a vulnerable iOS device connects to such a network, which usually happens at a cafe, hotel, or airport, the device displays the portal page in an embedded browser.
Cookie Theft caused by iOS Vulnerability
Once the user accepts, they can access the Internet normally. However, the embedded browser shares the unencrypted cookies stored in Safari.
According to a blog post published by Skycure on Wednesday, this vulnerability allows hackers to set up a forged captive portal and associate it with a Wi-Fi network; when a device connects, they can steal its unencrypted cookies.
List of attacks that hackers can perform
According to the researchers, the Captive Portal vulnerability allows hackers to carry out:
Impersonation attacks: hackers can steal users' unencrypted (HTTP) cookies and use them to log on to websites as the victim.
Session fixation attacks: because the cookie store is shared, hackers can log victims in to an account the hackers control. When the victim later browses the affected website in mobile Safari, they are logged on to the hacker's account instead of their own.
Cache poisoning attacks on a chosen website: hackers return an HTTP response with caching headers to the victim. In this case, hackers can execute malicious JavaScript every time the victim connects to the website through mobile Safari.
Patch your device
This vulnerability affects the iPhone 4S, iPad 2, and later devices. It was fixed in iOS 9.2.1: from that release on, captive portal cookies are kept in a separate store to prevent these attacks.
Skycure said this was the longest Apple had taken to fix a vulnerability, but the patch was complicated, and there were no signs of it being bypassed on the Internet.
Therefore, to prevent such attacks, download iOS 9.2.1 from the settings menu and update your system.
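The shared cookie store and the separate store introduced by the fix, as a simplified model added here (not Apple's or Skycure's code). Host names, cookie values and class names are constructed for illustration; the model also shows why cookies marked Secure are not exposed over plain HTTP in either case.

```python
from dataclasses import dataclass, field

@dataclass
class Cookie:
    host: str
    name: str
    value: str
    secure: bool = False  # Secure attribute: never attached to plain-HTTP requests

@dataclass
class CookieStore:
    jar: dict = field(default_factory=dict)

    def set(self, cookie):
        self.jar[(cookie.host, cookie.name)] = cookie

    def sent_to(self, host, https):
        """Cookies a browser using this store attaches to a request for `host`."""
        return {c.name: c.value for c in self.jar.values()
                if c.host == host and (https or not c.secure)}

def safari_store():
    """Constructed sample state: one plain-HTTP session cookie, one Secure cookie."""
    store = CookieStore()
    store.set(Cookie("forum.example", "session", "victim-session"))
    store.set(Cookie("bank.example", "sid", "victim-bank", secure=True))
    return store

def portal_visit(safari, isolated):
    """Model the portal view loading plain-HTTP pages on an untrusted network.

    Returns what the network could read from those requests. As a side effect,
    the network's response sets a cookie in whichever store the portal view uses.
    """
    store = CookieStore() if isolated else safari
    seen = {h: store.sent_to(h, https=False) for h in ("forum.example", "bank.example")}
    store.set(Cookie("forum.example", "session", "network-chosen"))
    return seen

def compare():
    """Run the same portal visit against a shared store and a separate store."""
    results = {}
    for label, isolated in (("shared", False), ("separate", True)):
        safari = safari_store()
        seen = portal_visit(safari, isolated)
        results[label] = (seen, safari.sent_to("forum.example", https=False))
    return results

if __name__ == "__main__":
    for label, (seen, after) in compare().items():
        print(label, "| network saw:", seen, "| Safari later sends:", after)
```

With the shared store the network reads the plain-HTTP session cookie and its own cookie persists into Safari; with the separate store neither happens.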