Weak Apple PRNG Threatens iOS Exploit Mitigations

Weak Apple PRNG Threatens iOS Exploit Mitigations 143

Posted by Soulskill on Friday March 14, 2014 @11:51AM from the also-makes-you-lose-at-poker dept.

Trailrunner7 writes "A revamped early random number generator in iOS 7 is weaker than its vulnerable predecessor and generates predictable outcomes. A researcher today at CanSecWest said an attacker could brute force the Early Random PRNG used by Apple in its mobile operating system to bypass a number of kernel exploit mitigations native to iOS. 'The Early Random PRNG in iOS 7 is surprisingly weak,' said Tarjei Mandt senior security researcher at Azimuth Security. 'The one in iOS 6 is better because this one is deterministic and trivial to brute force.' The Early Random PRNG is important to securing the mitigations used by the iOS kernel. 'All the mitigations deployed by the iOS kernel essentially depend on the robustness of the Early Random PRNG,' Mandt said. 'It must provide sufficient entropy and non-predictable output.'"

Weak Apple PRNG Threatens iOS Exploit Mitigations

Search 143 Comments Log In/Create an Account

Comments Filter:

PRNG was outsourced (Score:5, Funny)

by ArhcAngel ( 247594 ) writes: on Friday March 14, 2014 @12:27PM (#46483891)

Apple didn't want another security embarrassment so they asked the NSA to supply the most secure PRNG they had.

There may be more comments in this discussion. Without JavaScript enabled, you might want to turn on Classic Discussion System in your preferences instead.

Weak Apple PRNG Threatens iOS Exploit Mitigations 143

Weak Apple PRNG Threatens iOS Exploit Mitigations More Login

Weak Apple PRNG Threatens iOS Exploit Mitigations

PRNG was outsourced (Score:5, Funny)

Related Links Top of the: day, week, month.

Slashdot Top Deals

Slashdot