SSL certificate flaw allows hackers to crash devices running iOS 8

A flaw in iOS 8 would allow attackers to render devices running the mobile OS useless if they’re within range of a fake wireless hotspot, according to researchers from security firm Skycure.

The vulnerability exploits an issue in how iOS 8 handles SSL certificates. By manipulating the certificates, researchers found they were able to get apps running on iPads, iPhone and iPods as well as the OS to crash. In other instances, the researchers placed the devices in a constant reboot cycle.

Yair Amit and Adi Sharabani, Skycure’s CTO and CEO, respectively, discussed the flaw, called “No iOS Zone,” Tuesday during a session at the RSA conference and talked about their findings in a blog post on Wednesday.

To read this article in full or to leave a comment, please click here