A security researcher has discovered a major flaw in the iOS 7 security system, apparently brought about by a botched attempt by Apple to patch an issue specific to iOS 6. The kernel exploit, if anything, has only been aggravated by the Cupertino company’s intervention, and as such, Azimuth Security researcher Tarjei Mandt believes that iOS 7 is “much worse” than its predecessor with regard to security.
As well as trying to maintain a steady stream of new and exciting features with each major update to iOS, Apple, like all makers of software products, also has to contend with security issues. Maintaining a secure environment for consumers is always high up on the list of considerations to be made by those dabbling in software, but for a company like Apple, which prides itself on protecting the interests of users with regards to both security and privacy, it’s even more critical.
As ever, Apple was keen to make amends for the iOS 6-related issue, but in doing so, appears to have simply opened a can of worms. At the CanSecWest conference last week, Mandt gave insight into an iOS 7 security flaw that has been brought about by modifications Apple made to patch a kernel encryption-related issue on iOS 6, and while the fruit company’s fix was implemented with good intentions, it has just made the situation a fair bit worse.
To encrypt the kernel in question, Apple used a random-number generator, and with iOS 7, the feature was updated to bolster things further. Yet the tool is apparently not serving its purpose, for, as Mandt has pointed out, there are various techniques that an unscrupulous individual could utilize in order to guess these numbers, and in turn, gain access to the whole device.
Such conclusions will not make for happy reading, either for Apple or for users of iOS 7 devices, and although Apple hasn’t made any official comment on the situation, Mandt did note to CNET that the company’s security team has reached out to him, naturally concerned about the whole affair.
If, as Mandt notes, leaving this issue to fester could “roll back 10 years of security-hardening techniques in iOS,” it’s not hard to see why Apple may be slightly worried about the security of its mobile OS, which was only recently handed a significant update to version 7.1.
Hopefully, Apple will release a statement of acknowledgement, followed by a swift, remedial update.
We’ll keep you posted.