Busting the myths of being able to use most secure mobile OS, a security researcher at CanSecWest conference, Tarjei Mandt revealed to what extent iOS 7 is exploitable. Comparing it with its earlier version iOS 6, he said that this OS is worst than it was previously.

Going in details about how people with malicious nature can exploit it, he said in an attempt to modify random number generator in iOS 6, Apple actually made mistakes which are weakening the entire security posture.

In a whitepaper he explained that, the Psuedo-Random Number Generator or PRNG, starts with boot up and uses to the LCG or linear congruential generator to provide entropy for PRNG. Explaining the LCG, white paper stated that LCG is used to generate psuedo-random numbers with an linear equation. It is one of the oldest and most used algorithm for generating psuedo-numbers and under some circumstances it can be broken down by observing the pattern.

Mandt also wrote that, “without being assisted by additional vulnerabilities or having prior knowledge about the kernel address space … this may allow trivial exploitation of vulnerabilities previously deemed non-exploitable”.

While it has only been found in iOS 7 and believing hackers would have a rare chance to find iOS 7 running, the flaw must not be underestimated for any reasons. The fix to this new flaw may change the entire way how Apple has been securing its kernel.

While many of us know that the kernel is the heart of an OS and handles every process including heap allocations, this security bug results in the privileged access to the kernel.

Apple has also been in the news for having certificate authentication flaw, allowing hackers to compromise the SSL of iOS and Mac OS X both, which on later was fixed with an update. There was another flaw which was popularly know as ‘GOTO Fail’ was also found to leverage the kernel level access in the iOS 7.

Leave a Reply

Your email address will not be published.

I accept the Privacy Policy

This site uses Akismet to reduce spam. Learn how your comment data is processed.