Apple fixes iPhone coma vulnerability

Researchers say that Apple fixed a vulnerability which could put an iPhone into an eternal comatose state, The Register reports.

The flaw (CVE-2015-1118), dubbed "Phantom", allows attackers who can trick users into changing their iDevice proxy settings to tap into multiple use-after-free vulnerabilities. If users do change the settings, their apps start crashing, and if they try to reboot the phone, it falls into a “coma”.

FireEye bods Zhaofeng Chen, Hui Xue, Tao Wei and Yulong Zhang say attackers could set up large Wi-Fi hotspots to con Apple users into altering their settings and destroying their phones.

"An attacker may distribute a malicious [configuration] profile containing proxy settings to users connected to a given Wi-Fi hotspot. If the attacker has convincing social-engineering skills, a user who does not understand the security risks might proceed to install a malicious profile [and] the attacker can then modify the victim’s proxy settings to launch Phantom attacks," they wrote in a blog post.

"Configuring HTTP proxy to abnormal values triggers multiple use-after-free (UAF) issues in libsystem_network.dylib. This vulnerability can lead to several undesired security consequences, e.g. most of networking apps will crash immediately, including system components; the system will respond sluggishly, and it is even not able to reboot successfully."

The team says admins of Wi-Fi hotspots should deliver content over HTTPS, while system admins should force users to upgrade their Apple devices.

Sead Fadilpašić
