iPhone vulnerable to remote attack on SSL

Started by Glenn, Feb 03, 2010, 08:23:36

Previous topic - Next topic

0 Members and 1 Guest are viewing this topic.

Print
Go Down Pages1
User actions

Glenn

Feb 03, 2010, 08:23:36
Apple's iPhone is vulnerable to exploits that allow an attacker to spoof web pages even when they're protected by the SSL, or secure sockets layer, protocol, a security researcher said.

The fault lies in a feature that makes it easy to configure large numbers of iPhones so they meet an organization's IT policies, said Charlie Miller, a researcher at Independent Security Evaluators. Not only does the provisioning feature work over the internet, it can be tricked into accepting malicious configuration files.

http://www.theregister.co.uk/2010/02/02/iphone_malicious_config_attack/

Most won't fall for it, but it will catch out some poor souls, clicking on the links.
Glenn
--------------------

This post reflects my own views, opinions and experience, not those of IDNet.

Gary

#1
Feb 03, 2010, 09:42:31
Quote from: Glenn on Feb 03, 2010, 08:23:36
Apple's iPhone is vulnerable to exploits that allow an attacker to spoof web pages even when they're protected by the SSL, or secure sockets layer, protocol, a security researcher said.

The fault lies in a feature that makes it easy to configure large numbers of iPhones so they meet an organization's IT policies, said Charlie Miller, a researcher at Independent Security Evaluators. Not only does the provisioning feature work over the internet, it can be tricked into accepting malicious configuration files.

http://www.theregister.co.uk/2010/02/02/iphone_malicious_config_attack/

Most won't fall for it, but it will catch out some poor souls, clicking on the links.
Quote from: Glenn on Feb 03, 2010, 08:23:36
Apple's iPhone is vulnerable to exploits that allow an attacker to spoof web pages even when they're protected by the SSL, or secure sockets layer, protocol, a security researcher said.

The fault lies in a feature that makes it easy to configure large numbers of iPhones so they meet an organization's IT policies, said Charlie Miller, a researcher at Independent Security Evaluators. Not only does the provisioning feature work over the internet, it can be tricked into accepting malicious configuration files.

http://www.theregister.co.uk/2010/02/02/iphone_malicious_config_attack/

Most won't fall for it, but it will catch out some poor souls, clicking on the links.
I never use my phone for ssl stuff never have and never will trust the mobile web for that
Damned, if you do damned if you don't

Niall

#2
Feb 04, 2010, 20:45:50
I'd be lucky if my fat fingers could select the links. I keep missing :D
Flickr Deviant art
Art is not a handicraft, it is the transmission of feeling the artist has experienced.
Leo Tolstoy

Gary

#3
Feb 04, 2010, 21:44:49
Quote from: Niall on Feb 04, 2010, 20:45:50
I'd be lucky if my fat fingers could select the links. I keep missing :D
Double tap the screen and make the page bigger  ;D
Damned, if you do damned if you don't

Niall

#4
Feb 06, 2010, 15:21:31
I do :D
Flickr Deviant art
Art is not a handicraft, it is the transmission of feeling the artist has experienced.
Leo Tolstoy
Print
Go Up Pages1
User actions