{"id":49420,"date":"2016-01-21T10:16:05","date_gmt":"2016-01-21T18:16:05","guid":{"rendered":"https:\/\/www.intego.com\/mac-security-blog\/?p=49420"},"modified":"2016-01-21T10:57:59","modified_gmt":"2016-01-21T18:57:59","slug":"update-your-ios-devices-your-cookies-may-be-at-risk","status":"publish","type":"post","link":"https:\/\/www.intego.com\/mac-security-blog\/update-your-ios-devices-your-cookies-may-be-at-risk\/","title":{"rendered":"Update Your iOS Devices \u2013 Your Cookies May Be at Risk!"},"content":{"rendered":"

\"Captive<\/p>\n

If you own an iPhone or iPad chances are that you already know that there is an update to iOS available. With a few presses your device should be downloading iOS 9.2.1 which, according to Apple, includes a number of under-the-hood performance improvements and bug fixes.<\/p>\n

If you bothered to read the update dialog on your iDevice, you will have seen that iOS 9.2.1 addresses a bug<\/a> that was causing headaches for businesses using Mobile Device Management.<\/p>\n

\"ioS<\/p>\n

But, of course, that wasn’t the only issue that the new version of iOS aims to resolve. As researchers at Skycure explain<\/a>, iOS 9.2.1 tackles a vulnerability that has potentially left iPhones and iPads open to abuse for at least the last 2.5 years.<\/p>\n

The flaw, known as CVE-2016-1730, is described at the bottom of Apple’s advisory<\/a> about the security content in the new version of iOS:<\/p>\n

\"iOS<\/p>\n

WebSheet<\/strong><\/p>\n

Available for: iPhone 4s and later, iPod touch (5th generation) and later, iPad 2 and later<\/p>\n

Impact: A malicious captive portal may be able to access the user’s cookies<\/p>\n

Description: An issue existed that allowed some captive portals to read or write cookies. The issue was addressed through an isolated cookie store for all captive portals.<\/p>\n

CVE-ID
\nCVE-2016-1730 : Adi Sharabani and Yair Amit of Skycure<\/p><\/blockquote>\n

From that brief description it may be difficult to determine precisely what the problem was, so I’ll do my best to explain.<\/p>\n

When you connect to the Wi-Fi at your local coffee shop or in the airport departure lounge, you usually find that your iPhone or iPad is redirected to a special login page. This is known as a “captive portal,” and is triggered by your device making a request to the url http:\/\/www.apple.com\/library\/test\/success.html<\/a><\/p>\n

If the request is redirected to a third-party page then Apple knows that the providers of the wireless connectivity have put a portal in place, and a dialog box is displayed via an embedded browser giving you the opportunity to login.<\/p>\n

\"Captive<\/p>\n

So far, so good.<\/p>\n

But, back in June 2013, Skycure discovered that the embedded browser used to display captive portals had a vulnerability, which saw private cookies already stored in the user’s mobile Safari browser shared with the captive portal, and vice versa.<\/p>\n

As Skycure’s Yair Amit explains, the vulnerability opens opportunities for attackers to do a number of things:<\/p>\n