Catch up on stories from the past week (and beyond) at the Slashdot story archive

 



Forgot your password?
typodupeerror
DEAL: For $25 - Add A Second Phone Number To Your Smartphone for life! Use promo code SLASHDOT25. Also, Slashdot's Facebook page has a chat bot now. Message it for stories and more. Check out the new SourceForge HTML5 internet speed test! ×
Security

Submission + - New iPhone Attack Kills Apps, Reroutes Web Traffic (threatpost.com)

Trailrunner7 writes: There are several flaws in the way that the iPhone handles digital certificates which could lead to an attacker being able to create his own trusted certificate and entice users into downloading malicious files onto their iPhones. The result of the attack is that a remote hacker would be able to change some settings on the iPhone and force all of the user's Web traffic to run through any server he chose and also to change the root certificate on the phone, enabling him to man-in-the-middle SSL traffic from the iPhone. Charlie Miller, an Apple security researcher at Independent Security Evaluators, said that the attack works, although it would not lead to remote code execution on the iPhone. "It definitely works. I downloaded the file and ran it and it worked," Miller said. "The only thing is that it warns you that the file will change your phone, but it also says that the certificate is from Apple and it's been verified."
This discussion was created for logged-in users only, but now has been archived. No new comments can be posted.

New iPhone Attack Kills Apps, Reroutes Web Traffic

Comments Filter:

"Probably the best operating system in the world is the [operating system] made for the PDP-11 by Bell Laboratories." - Ted Nelson, October 1977

Working...