
The vulnerability impacts iPhone and iPad users

In Capsule:
  • iOS 11.1 released on October 31st
  • Hacked on 1st of November
  • Security researchers found two critical vulnerabilities
  • Impacted OS is for iPhone & iPad
  • Vulnerability details have not yet been made public
  • Apple has yet to announce when it will release the patch
Apple iOS 11.1 was hacked just one day after its release, which surprised the security world, considering Apple's reputation in the past. During a contest in Tokyo conducted by Trend Micro, named “Pwn2Own”, researchers successfully exploited two critical vulnerabilities in iOS 11.1. Researchers at “Tencent Keen Security Lab” needed only a few seconds to exploit the two bugs they discovered, which led to iOS 11.1 being hacked. One of the exposed vulnerabilities is in the Safari browser, and the other is in a system service that lets a malicious app persist through a reboot.
The bug in the Safari browser allowed the security experts to break out of its sandbox environment to inject and execute a malicious script, and got iOS 11.1 hacked. Apple has been left red-faced again after only a short while: its past claims of robust security in its operating system no longer look as strong, although it still stays ahead of Microsoft. The Microsoft lobby's voice will be louder now on its claim that this is a matter of exposure, and that greater exposure of an operating system allows hackers to uncover any software's vulnerability spectrum. The claim is that Microsoft's larger number of vulnerabilities and patching requirements is mainly due to its popularity among users, considering the expertise available and the visibility of its functioning to security experts and hackers.

The discovery of the vulnerabilities will earn the researchers US$70,000 in prize money. The bug details will be publicized only later, to allow Apple to fix them before they can be exploited by hackers. The risk is that, since the news is already out, hacking groups may be exploring and trying to attack the vulnerable areas in the period until Apple releases the fix. Also, these two were exposed by the researchers, but how many more are known to hackers and experts and not yet disclosed? It is still not clear when Apple will release the patches for the discovered vulnerabilities.

Apple released the new version, iOS 11.1, to fix many other vulnerabilities that were discovered earlier and also to provide more features in its operating system. iPhone and iPad are impacted by this latest iOS 11.1, which was released on October 31st. Many new features and emojis were part of the update. The fix for the KRACK wireless network vulnerability was also included in this update. Recently there were many vulnerabilities discovered in Apple software, including the zero-day in macOS High Sierra, immediately after the OS was released.

Apple claims that around 19 security gaps were fixed in iOS 11.1 but, unfortunately, as with many other security updates and new versions, the saying that fixing one issue opens up many others is proving true in this case too. How many more will be discovered, and how many more patches will be released, remains to be seen.

Lessons Learned & Recommendations

  • Apple is also losing its security robustness
  • More features, more chances of vulnerabilities
  • Fixing one gap could open up many others
  • Installing the latest updates before they have stabilized may be detrimental in some cases
  • Ensure additional layers of controls, instead of depending on OS security alone.