Apple stays tight-lipped on Skycure claim of iOS security vulnerability

Apple remained tight-lipped when asked for its reaction to an announcement by Israel-based security company Skycure that it had discovered a security breach in the company's iOS 8 platform.

The U.S. device maker failed to respond to multiple enquiries by FierceWireless:Europe, despite Skycure noting in a blog post that it is working with the company to address the weakness, which enables hackers to crash iOS 8 applications that perform Secure Socket Layer (SSL) communication at any time.

In the blog, Skycure co-founder Yair Amit explained that the company discovered the flaw during routine experimental attacks on mobile devices.

"One day, during preparation for a demonstration of network-based attack, we bought a new router. After setting the router in a specific configuration and connecting device to it, our team witnessed the sudden crash of an iOS app," Amit wrote.

Other Skycure iOS users were quickly affected, leading the company to discover the breach, which allows attackers using "a specially crafted SSL certificate" to regenerate a bug to crash the apps.

"As SSL is a security best practice and is utilised in almost all apps in the Apple app store, the attack surface is very wide," Amit noted.

Skycure has held back some of the more technical details of the vulnerability because Apple has not confirmed that the problem is fully fixed, the co-founder explained. However, he noted that the SSL vulnerability can also affect the operation of the entire iOS operating system. "With heavy use of devices exposed to the vulnerability, the operating system crashes as well," he wrote, adding. "Even worse, under certain conditions, we managed to get devices into a repeatable reboot cycle, rendering them useless."

Adi Sharabani, Skycure CEO and fellow co-founder, told Bloomberg that iOS 8.3, an updated version of the operating system, corrected some of the problems discovered by his company, but not all.

IDC reported in February that iOS and Google's Android operating system dominated smartphone shipments in 2014, achieving a combined market share of 96.3 per cent.

For more:
- view Skycure's blog
- see this Bloomberg article

Related Articles:
IDC: Android and iOS increase smartphone OS dominance in 2014
Gartner: iOS attractive alternative for today's Android users
Juniper Research: Apple and Samsung tablet market share to fall to combined 38% by 2019
ABI Research: Android's OS dominance may have peaked
IDC: Apple iOS seen as 'weakest link' on slowing tablets market