Slashdot stories can be listened to in audio form via an RSS feed, as read by our own robotic overlord.

 



Forgot your password?
typodupeerror

Slashdot videos: Now with more Slashdot!

  • View

  • Discuss

  • Share

We've improved Slashdot's video section; now you can view our video interviews, product close-ups and site visits with all the usual Slashdot options to comment, share, etc. No more walled garden! It's a work in progress -- we hope you'll check it out (Learn more about the recent updates).

×
Security

+ - New iPhone Attack Kills Apps, Reroutes Web Traffic->

Submitted by Trailrunner7
Trailrunner7 (1100399) writes "There are several flaws in the way that the iPhone handles digital certificates which could lead to an attacker being able to create his own trusted certificate and entice users into downloading malicious files onto their iPhones. The result of the attack is that a remote hacker would be able to change some settings on the iPhone and force all of the user's Web traffic to run through any server he chose and also to change the root certificate on the phone, enabling him to man-in-the-middle SSL traffic from the iPhone. Charlie Miller, an Apple security researcher at Independent Security Evaluators, said that the attack works, although it would not lead to remote code execution on the iPhone. "It definitely works. I downloaded the file and ran it and it worked," Miller said. "The only thing is that it warns you that the file will change your phone, but it also says that the certificate is from Apple and it's been verified.""
Link to Original Source
This discussion was created for logged-in users only, but now has been archived. No new comments can be posted.

New iPhone Attack Kills Apps, Reroutes Web Traffic

Comments Filter:

A man is not complete until he is married -- then he is finished.

Working...