#LOTS OF APPLE SANDBOX VIOLATING FULL#
Watkins said the bug could lead to a full on data breach.
#LOTS OF APPLE SANDBOX VIOLATING CODE#
Once they have their app installed on the device, it's just a few lines of code to retrieve they need.”Īpple addressed the vulnerability in its recent iOS 8.4.1 update, but Appthority noted in its post that as many as 70 percent of devices might not be running the latest version of the mobile operating system and are therefore at risk.Īdditional recommendations from Appthority include not storing any credentials or authentication tokens on the mobile device filesystem, always storing credentials and other secrets using the device keychain, and using iOS single-sign-on profiles whenever possible. “This could be targeted, such as sending an email to a specific company with a link to their app, using an app store, or in extreme cases getting access to the mobile physical device. “ would need to get their app installed on the mobile device that is accessing the corporate data,” Watkins said. The post explained that exploiting the vulnerability requires a malicious app to be installed on a vulnerable device. This could lead to a compromise of corporate email and corporate documents, as well as back-end services, such as patient data servers, Watkins said. Ultimately, an attacker “with access to an MDM managed device can read all managed configuration settings for an unpatched device,” the post said.īased on the types of apps that are open to the vulnerability, successful exploitation of the bug could result in the exposure of corporate credentials and servers to access, Kevin Watkins, chief data scientist with Appthority, told in a Thursday email correspondence. Referred to as Quicksand, the sandbox violation vulnerability impacts all mobile device management (MDM) clients and any mobile apps distributed via an MDM that use the “Managed App Configuration” setting, a Wednesday post explained. Researchers with mobile security firm Appthority have identified a critical vulnerability in Apple's iOS mobile operating system.
0 kommentar(er)
