Apple Inc.’s iOS operating system contains a bug that lets attackers crash iPhones and iPads within range of a wireless hotspot, security company Skycure Ltd. said.
The devices’ applications and even the entire base software shut down when served with manipulated SSL encryption certificates, Skycure Chief Executive Officer Adi Sharabani said in a phone interview. If hackers manage to force devices within range onto their own wireless network, they can effectively create a “no iOS zone,” according to Tel Aviv, Israel-based Skycure.
“When their programs crash, people tend to put this off as a quality issue,” Sharabani said. “But it can be a serious vulnerability.”
With Apple keeping tight control over its operating system’s code and the applications that may run on it, attackers targeting mobile devices have concentrated on Google Inc.’s Android platform, which gives them more leeway for manipulation. The SSL bug shows that attackers occasionally get the opportunity to damage Apple customers as well.