Just one day after its release, iOS 11.1 hacked by security researchers

A day after iOS 11.1 was released, security researchers have already broken the software.

News of the exploits came from Trend Micro’s Mobile Pwn2Own contest in Tokyo, where security researchers found two vulnerabilities in Safari, the mobile operating system’s browser.

It took researchers at Tencent Keen Security Lab a few seconds to exploit two bugs — one in the browser and one in a system service that let a malicious app persist through a reboot.

Another bug in Safari let researchers break the browser’s sandbox and execute malicious code.

The bugs earned the researchers $70,000 in awards.

But specific details of the exploits won’t be made public until Apple fixes the bugs, or a three-month period of responsible disclosure expires — whichever is first.

It’s not known when Apple will fix the latest iOS 11.1 bugs.

iOS 11.1, the latest version of the iPhone and iPad operating system, was released Tuesday, with several new features, emojis, and security fixes — including a patch for the so-called KRACK wireless network vulnerability.

The software also fixed 19 additional vulnerabilities, Apple confirmed.

It’s not the first time Apple has been left red-faced over security issues. In September, a security researcher dropped a zero-day vulnerability for Apple’s new operating system, macOS High Sierra, on the day that the software was rolled out.

Apple fixed the bug a week later.

Contact me securely

Zack Whittaker can be reached securely on Signal and WhatsApp at 646-755–8849, and his PGP fingerprint for email is: 4D0E 92F2 E36A EC51 DAAE 5D97 CB8C 15FA EB6C EEA5.
