Two and a half years after information about the vulnerability first appeared, Apple has fixed it in its mobile operating system. In total, the iOS 9.2.1 update fixed 13 vulnerabilities at once, one of which, as it turned out, was critical and had been disclosed in 2013. Cnews reports.
With its latest security update, Apple closed a "hole" that was first reported two and a half years ago by an expert at the information security company Skycure.
The vulnerability in question, CVE-2016-1730, lies in the way iOS handles the web pages that hot spots use to authenticate and connect a device.
Such web pages are typically used on public networks in hotels, airports, restaurants and other public places. When a user tries to connect to an open Wi-Fi network, a page appears on which the user may be asked to enter a name or room number, or simply to accept the network's terms of use. This page is rendered by an iOS system browser.
The essence of the vulnerability is that this system browser freely exchanged cookies with the built-in Safari browser. This opens up opportunities for hackers. For example, if a user is logged in to a website, an attacker may use this page to steal the login and password.
In iOS 9.2.1, released this week, Apple eliminated the vulnerability by creating an isolated cookie store for all authorization pages on public networks. Experts do not rule out that Apple needed a lot of time to find a way to address the vulnerability, since it "only seems simple at first glance".
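The difference between the shared and the isolated cookie store can be modelled in a few lines. The following is an added illustration, not Apple's code: it uses Python's standard `http.cookiejar` as a stand-in for the browser stores, and the `Device` class, the `exchange` function, the host `shop.example.test` and all cookie values are constructed for the example.

```python
from http.cookiejar import Cookie, CookieJar
from urllib.request import Request

SITE = "shop.example.test"  # constructed host name


def session_cookie(name, value, domain=SITE):
    """Build a host-only session cookie (constructed sample value)."""
    return Cookie(
        version=0, name=name, value=value,
        port=None, port_specified=False,
        domain=domain, domain_specified=False, domain_initial_dot=False,
        path="/", path_specified=True,
        secure=False, expires=None, discard=True,
        comment=None, comment_url=None, rest={},
    )


class Device:
    """Two browsing contexts: 'safari' and the hot-spot login 'portal'."""

    def __init__(self, isolate_portal):
        safari = CookieJar()
        # Shared store: the portal page reuses Safari's jar.
        # Isolated store: the portal page gets a jar of its own.
        portal = CookieJar() if isolate_portal else safari
        self.jars = {"safari": safari, "portal": portal}

    def store(self, context, cookie):
        self.jars[context].set_cookie(cookie)

    def cookies_sent(self, context, url):
        """Return the Cookie header this context attaches to url, or None."""
        request = Request(url)
        self.jars[context].add_cookie_header(request)
        return request.get_header("Cookie")


def exchange(isolate_portal):
    """Return (what the portal sends, what Safari sends) for the same site."""
    device = Device(isolate_portal)
    url = "http://%s/account" % SITE
    # The user logged in through Safari earlier.
    device.store("safari", session_cookie("sid", "constructed-session"))
    # A page shown in the portal context sets a cookie for the same host.
    device.store("portal", session_cookie("tracker", "set-by-portal"))
    return device.cookies_sent("portal", url), device.cookies_sent("safari", url)
```

With the shared store both contexts send both cookies, so the exchange works in both directions; with the isolated store each context sends only the cookie it stored itself.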
In addition to CVE-2016-1730, this week the company fixed other vulnerabilities in iOS and OS X. In total, several dozen vulnerabilities were fixed, including in the latest desktop operating system, OS X El Capitan.