Vulnerabilities Found in Apple’s iOS 9

Wednesday, March 9, 2016 @ 04:03 PM gHale


With the growth of Apple devices used around manufacturing facilities, the company’s iOS 9.0, 9.1, and 9.2.1 releases contain multiple vulnerabilities, researchers said.

The vulnerabilities affect iPhones and iPads, said researchers at Vulnerability Lab warn.

RELATED STORIES
Apple Reworks Security Update
Ransomware in Mac Attack
New Malware Targeting OS X
Mars Rover: Code Used for Espionage

These vulnerabilities allow a local attacker who has physical access to the device to bypass the passcode protection mechanism of the Apple mobile iOS, the bug’s security advisory reveals. Apple iPhone 5, 5s, 6 and 6s, as well as iPad mini and iPad 1 and 2 suffer from the issue.

http://www.vulnerability-lab.com/get_content.php?id=1778

The passcode bypass poses a high security risk, with a CVSS (common vulnerability scoring system) count of 6.4.

By successfully exploiting the vulnerability, an attacker can gain device access and compromise sensitive user data, including address-books, photos, SMS, MMS, emails, phone app, mailbox, and phone settings, while also being able to access other default/installed mobile apps.

Vulnerability Lab researchers said exploiting the vulnerabilities, a local attacker could request an internal browser link request to the App Store that bypasses the user’s passcode or fingerprint protection mechanism.

According to researchers, an attacker can take advantage of these issues in several ways to gain unauthorized access to the affected Apple mobile iOS devices. Siri, the Events Calendar, and the Clock app of the control panel on default settings can end up exploited in these scenarios, the advisory said

Apple confirmed all the vulnerabilities. Researchers do not know when a patch will release.