iOS MDM Protocol Vulnerability Exposes iPhone, iPad to Attack: Report

Advertisement
By Manish Singh | Updated: 4 April 2016 14:23 IST
iOS MDM Protocol Vulnerability Exposes iPhone, iPad to Attack: Report

Another vulnerability has been found in iOS, Apple's mobile operating system. The mobile device management (MDM) interface for iOS, according to security researchers, can be exploited to gain complete access to the device. Apple insists that it's not a vulnerability, but a social-engineering trick.

Security researchers at Check Point Software Technologies claim that an approach dubbed "SideStepper" can allow an attacker to hijack enterprise management functions by sending a malicious link to the device.

According to the researchers, clicking on that link will give attackers full control of the MDM software, and allow them to push malicious apps to the device as well as make changes to other configuration settings. In other words, MDM software in iOS is susceptible to man-in-the-middle attacks and can be exploited to install malware on non-jailbroken devices. The vulnerability was demonstrated at Black Hat Asia 2016.

The researchers claim that Apple patched a similar vulnerability last year with iOS software update, however, it left one hole. These MDM tools are used by companies to control, and configure their employees' devices. These devices have access to a private app store.

Advertisement

Speaking to Ars Technica, Apple has refuted the claims, adding that it was a social-engineering attack, and per se, not a weakness in iOS. "This is a clear example of a phishing attack that attempts to trick the user installing a configuration profile and then installing an app," a spokesperson for the company told the publication.

"This is not an iOS vulnerability. We've built safeguards into iOS to help warn users of potentially harmful content like this. We also encourage our customers to download from only a trusted source like the App Store and to pay attention to the warnings that we've put in place before they choose to download and install untrusted content."

 

For the latest tech news and reviews, follow Gadgets 360 on X, Facebook, WhatsApp, Threads and Google News. For the latest videos on gadgets and tech, subscribe to our YouTube channel. If you want to know everything about top influencers, follow our in-house Who'sThat360 on Instagram and YouTube.

Advertisement
Popular Mobile Brands
  1. Samsung Galaxy M36 5G India Launch Date and Key Features Revealed
  2. Poco F7 5G to Be Equipped With a Snapdragon 8s Gen 4 SoC
  3. Vivo Y400 Pro 5G: Everything We Know Ahead of India Launch on June 20
  4. Gemini and ChatGPT Would Not Exist Without This Dutch Company: Know Why
  5. OnePlus Bullets Wireless Z3 With Up to 36 Hours Battery Launched in India
  6. Vodafone Idea to Bring Direct-to-Device Satellite Connectivity to India
  7. Oppo Reno 14 5G, Reno 14 Pro 5G India Launch Timeline Leaked
  8. Samsung Galaxy Z Fold 7, Z Flip 7 Launch Date Leaked Online
  9. Vivo T4 Lite 5G to Launch in India on June 24; Chipset Confirmed
  10. BSNL Announces Name of Its 5G Service in India
  1. Honor Magic V5 Set to Launch on July 2, Design Officially Teased
  2. Samsung Galaxy M36 5G India Launch Date Set for June 27; Colours, Key Features Revealed
  3. Realme 15 Series Launch Timeline Leaked; Lite Variant Surfaces Online
  4. Oppo Reno 14 5G Series India Launch Confirmed: Expected Price, Specifications
  5. Google Messages Widely Rolling Out Snooze Notifications and Delete for Everyone Features
  6. OnePlus Bullets Wireless Z3 With 12.4mm Drivers, Up to 36 Hours of Battery Life Launched in India
  7. Microsoft Planning Thousands More Job Cuts Aimed at Salespeople
  8. Vivo T4 Lite 5G India Launch Date Announced; to Feature MediaTek Dimensity 6300 SoC
  9. Coinbase Launches Stablecoin Payments Service for E-Commerce
  10. Iran Crypto Exchange Nobitex Hit by Hackers, $90 Million Destroyed
Gadgets 360 is available in
Download Our Apps
Available in Hindi
© Copyright Red Pixels Ventures Limited 2025. All rights reserved.