RESEARCHERS FROM North Carolina State University have revealed more security vulnerabilities in iOS just days after Apple was forced to patch three zero-day flaws in the widely used operating system.
"There's been a lot of research done on Android's operating systems, so we wanted to take a closer look at Apple's iOS," said William Enck, an associate professor of computer science at the university and co-author of a paper describing the work.
"Our goal was to identify any potential problems before they became real-world problems."
The focus of the research was the iOS sandbox, the interface between applications and the operating system intended to protect iOS from exploitation by malicious apps.
The iOS sandbox uses a set 'profile' for every third-party app that controls the information to which the app has access and governs the actions that it can execute.
The researchers first extracted the compiled binary code of the sandbox profile to see whether it contained any vulnerabilities that could be exploited by third-party apps.
They then decompiled the code so that it could be read by humans, and used it to make a model of the profile. A series of automated tests were then run to identify potential vulnerabilities.
The researchers uncovered a number of flaws that could enable them to launch different types of attack via third-party apps. These include:
- Bypassing the iOS's privacy settings for contacts
- Learning a user's location search history
- Inferring sensitive information (such as when photos were taken) by accessing metadata of system files
- Obtaining the user's name and media library
- Consuming disk storage space that cannot be recovered by uninstalling the malicious app
- Preventing access to system resources, such as the address book
- Allowing apps to share information with each other without permission.
Enck said that Apple has been informed of the flaws and is already preparing patches.
The SandScout: Automatic Detection of Flaws in iOS Sandbox Profiles paper will be presented at the ACM Conference on Computer and Communications Security in Vienna at the end of October. µ
Firm spills details inside Android 9.0 update
It's not nearly as bad as it looks
But firm won't critique your use of the 'Desperate Slutty Singles' app
Suggestions that it is using third-party data to feather its nest