Earlier this week, Apple pushed out iOS 9.2.1 which fixed a vulnerability which has been in the wild for nearly 3 years. This vulnerability was discovered by security researchers from Skycure, Yair Amit and Adi Sharabani.
When a user connects to a public network or a captive-enabled network, the iOS device displays a pop-up window that enable the user to use the embedded browser to login the network via HTTP. The embedded browser shares the same cookie stored with Safari. If a user connect to a rogue network, these cookies, which contains credentials can be stolen by attackers.
The impact of this vulnerability:
- Steal users’ (HTTP) cookies associated with a site of the attacker’s choice. By doing so, the attacker can then impersonate the victim’s identity on the chosen site.
- Perform a session fixation attack, logging the user into an account controlled by the attacker–because of the shared Cookie Store, when the victims browse to the affected website via Mobile Safari, they will be logged into the attacker’s account instead of their own.
We advise our readers to update their iOS as soon as possible.