Why you really want to update iOS now (it’s not emojis)

By

Apple offers up to $1.5 million to anyone who spots a software flaw
Artist's impression of the people potentially behind iOS vulnerability. Photo: Hackers, United Artists
Photo: United Artists

With reports that it can break elements of Touch ID, there are plenty of reasons to consider not upgrading to iOS 8.3, the latest version of Apple’s mobile OS.

But here’s a very good reason to: according to security researchers, the update fixes a vulnerability which has the potential to render your iPhone almost useless.

If triggered, the vulnerability — nicknamed Phantom — means that apps which require networking crash immediately upon booting. In some cases, the iPhone itself cannot be rebooted, either. The flaw could be triggered by having an attacker trick unknowing users into configuring their phone’s proxy settings to make it vulnerable.

“If the attacker has convincing social engineering skills, a user who doesn’t understand the security risks might proceed to install a malicious profile,” note Zhaofeng Chen, Hui Xue, Tao Wei and Yulong Zhang, the researchers who first discovered the vulnerability.

A video below shows how this would work:

Thankfully, the flaw was something Apple addressed in Wednesday’s iOS 8.3 update, referring to it as a “memory corruption issue in libnetcore.”

And to think we considered a secret Spock emoji to be the most notable update!

Source: FireEye

Via: ThreatPost