Researchers spot vulnerabilities in Apple iOS

The research team identified vulnerabilities that would allow them to launch different types of attacks via third-party apps

IANS New York
Last Updated : Aug 26 2016 | 6:14 PM IST

An international team of computer science researchers has identified serious security vulnerabilities in the iOS operating system used in Apple's iPhone and iPad devices.

The vulnerabilities make a variety of attacks possible on Apple devices.

"There's been a lot of research done on Android's operating systems, so we wanted to take a closer look at Apple's iOS," said William Enck, associate professor of computer science at North Carolina State University and co-author of a paper.

The goal was to identify any potential problems before they became real-world problems, he added.

The researchers focused on the iOS "sandbox", which serves as the interface between applications and the iOS.

The iOS sandbox uses a set "profile" for every third-party app.

This profile controls the information that the app has access to and governs which actions the app can execute.

To see whether the sandbox profile contained any vulnerabilities that could be exploited by third-party apps, the researchers first extracted the compiled binary code of the sandbox profile.

They then decompiled the code, so that it could be read by humans.

Next, they used the decompiled code to make a model of the profile, and ran a series of automated tests in that model to identify potential vulnerabilities.

The team identified vulnerabilities that would allow them to launch different types of attacks via third-party apps.

Those attacks include methods of bypassing the iOS's privacy settings for contacts, of learning a user's location search history and of inferring sensitive information (such as when photos were taken) by accessing metadata of system files.

They also include methods of obtaining the user's name and media library and of consuming disk storage space that cannot be recovered by uninstalling the malicious app.

"We are already discussing these vulnerabilities with Apple. They're working on fixing the security flaws, and on policing any apps that might try to take advantage of them," Enck noted in a university statement.

 


First Published: Aug 26 2016 | 11:56 AM IST
