An SSL certificate duly built threatens to crash individual applications iOS or even the whole system: a vulnerability that combined with others can lead to an area ” No iOS ” via WiFi network.
A bug in the SSL library of iOS could allow an attacker to crash to bring individual app or even the entire device when it is connected to a WiFi hotspot specially compromise.
The attack, identified by researchers Yair Amit and Adi Sharabanu of Skycure, originates from a problem with the parsing of SSL certificates with iOS. By submitting a certificate constructed appropriately to an iOS device via a WiFi hotspost was possible to crash individual applications as well as the entire device.
The same security company has identified a vulnerability in 2013, then given the name WiFiGate that allowed an attacker to create a WiFi network and force an external device to connect to the network. Combining this with the newly discovered vulnerability could allow the creation of a ” No iOS Zone ” where an iOS device is forced to connect to a network that uses the SSL vulnerability to continue to crash the device until it exits the range of the WiFi network.
The two researchers have already notified the problem to Apple and are collaborating with the company to find a solution. Part of the problem seems to have already been resolved in the update iOS 8.3, which we strongly recommend the installation.