When Apple released OS X Yosemite 10.10.3, Apple promised a fix for the vulnerability known as Rootpipe. But that was not exactly what happened, as informed by the Forbes this week.
Briefly, the Rootpipe allows a person with dubious intentions and physical access to the computer to change the user's privileges to the most complete level, known as root. The video above, published by Patrick Wardle (a former NSA employee who now runs security firm Synack), shows the problem well even though he preferred not to detail how he got it done. The security expert also said that Apple did implement additional access controls to stop these people's attempts, but that it is possible to get around that.
Pedro Vilaa, another security expert who has discovered several OS X flaws in recent years, has also confirmed everything. He went further, stating that the correction for the Rootpipe it was condemned from the beginning because there are several ways to get around everything precisely because of the wrong structure of the correction.
SourceDNA (which provides an app analysis service) reported that around 1,500 apps available on the App Store have a HTTPS vulnerability which allows criminals to intercept encrypted passwords, bank account numbers and other highly sensitive information.
The problem here has to do with an old version of AFNetworking, an open source library which allows developers to implement network features in their apps. Although the problem is already solved in the new version of AFNetworking (2.5.2), many apps continue to use 2.5.1 that has the flaw.
In this case, it is not the fault of Apple but of the developers of these apps (which include famous ones like Citrix OpenVoice Audio Conferencing, Movies by Flixter, Alibaba.com, Revo Restaurant POST, etc.). If you are in doubt as to whether some of the applications most used by you fail, you can do a search here. It is up to us, users, to charge developers to update everything as quickly as possible.
Do you think it's over? At the! As reported by the Gizmodo UK, Skycure security researchers demonstrated the vulnerability called “No iOS Zone” (something like “iOS Dead Zone”). What does she do? Allows evildoers to stop iOS apps that are within the reach of a hot spot Wi-Fi, regardless of whether the iPad, iPhone or iPod touch user is connected to the network.
This is possible thanks to an iOS 8 bug that, through the manipulation of SSL certificates sent to iOS devices over a network, causes applications / devices to fail constantly, including being able to be placed on a constant startup (loop).
Initially, this would only happen if the user entered the Wi-Fi network with the modified certificates, but another vulnerability entitled WiFiGate makes it possible to affect nearby devices. And what is this WiFiGate about? IOS devices are pre-programmed by operators to automatically connect to certain networks (those offered by the telecoms themselves). There is no way to prevent your phone from connecting to them, other than turning off Wi-Fi completely. But let's face it, this is not the solution.
What the researchers did, then, was to create a hot spot Wi-Fi of those to which the phone automatically connects, but with the changed certificates. Thus, it is enough for an iOS device to approach and failures begin. At least the researchers have already informed that they are in contact with Apple so that everything can be resolved in a future update of the system.
(via ZDNet, Ars Technica, 9to5Mac)