Apple Has Patched Many Backdoor Vulnerabilities In iOS 8 GM, Some Still Exist
Given the recent spate of celebrity phone compromises, allied to the fact that Apple is about to roll out its new mobile payment system with iOS 8 and the new iPhone 6 / 6 Plus, it’s fair to say that these are testing times for the company. From a security point of view, the Mac maker will want to avoid any more high-profile gaffes as it looks to win the trust of the consumer market, and although the new iOS 8 GM has fixed some vulnerabilities first highlighted by a seasoned security researcher, a few still continue to linger.
As expected, Apple rolled out iOS 8 GM to developers yesterday, with an end user release likely to follow in the coming days. While many have flocked to download and install this latest release in order to check out the new features, Jonathan Zdziarski has taken the opportunity to resume his research that first hit the headlines a couple of months ago.
Zdziarski pinpointed a series of backdoor vulnerabilities within the iOS infrastructure, which may present a threat if latched onto by opportunistic hackers. Having taken a quick look through the GM build, Zdziarski confirms that a number of these flaws have been patched up, although a number are still present.
Apple responded to Zdziarski’s initial findings by noting that the services in question were used merely for debugging, which was something of a relief given the spate of stories relating to covert government monitoring. But while some of the more severe vulnerabilities have been dealt with – an NSA-like body would not be able to obtain information previously available through the hidden services – forensic tools could still gain access to app sandboxes through a USB connection.
Of course, given that iTunes needs to access app info and data via USB, it’s a necessary vulnerability with practical uses, but it’s nevertheless disconcerting that a number of readily-available utilities could be used for the purpose of dumping app data straight from your device to a USB thumb drive, for example.
If you’d like a more in-depth, detailed look at Zdziarski’s findings, be sure to check out his blog post on the matter, which can be found via the source link below.