Security firm discloses Apple iOS 'malicious profile' vulnerability impact on MDM

San Francisco --  At the RSA Conference today, security start-up Skycure plans to disclose a vulnerability in Apple iOS devices that can impact mobile-device management (MDM) systems running on them.

According to Skycure co-founders Yair Amit, CTO, and Adi Sharabani, CEO, it's possible for an attacker to set up a hard to detect "malicious profile" hidden on the device to subvert the user, and this vulnerability has been shared with Apple and is expected to be patched in iOS 7.1. The threat of this "hidden profile" vulnerability extends into its possible impact on mobile-device management (MDM) software used on an unpatched iOS device, according to Skycure.

+ ALSO ON NETWORK WORLD Hot, new products from RSA | The 12 Most Powerful Security Companies +

Through local WiFi access, an attacker exploiting this hidden "malicious profile" vulnerability could change the MDM settings on the user's device or otherwise tamper with it, says Sharabani. While the hidden-profile flaw should be easily patched, Skycure thinks the MDM part of this may be related to an underlying "flaw in the design of Apple iOS," he says, which could be "much harder to fix."

Skycure has seen the "malicious profile" attack in the wild, but it hasn't seen the specific MDM attack yet, "but we're concerned it exists out there," Sharabani concluded.

Ellen Messmer is senior editor at Network World, an IDG website, where she covers news and technology trends related to information security. Twitter: MessmerE. E-mail: emessmer@nww.com

Read more about wide area network in Network World's Wide Area Network section.

Tags MDMApplesecurityNetworkingwirelessrsa 2014

More about AppleIDGRSA

Comments

Comments are now closed

Telstra unveils locations getting early access to 700MHz 4G network

READ THIS ARTICLE
DO NOT SHOW THIS BOX AGAIN [ x ]