iOS cookie theft bug allowed hackers to impersonate users
Apple has squashed a bug in its iOS operating system that made it possible for hackers to impersonate end users who connect to websites that use unencrypted authentication cookies.
The vulnerability was the result of a cookie store iOS shared between the Safari browser and a separate embedded browser used to negotiate “captive portals” that are displayed by many Wi-Fi networks when a user is first joining. Captive portals generally require people to authenticate themselves or agree to terms of service before they can gain access to the network.
According to a blog post published by Israeli security firm Skycure, the shared resource made it possible for hackers to create a booby-trapped captive portal and associate it with a Wi-Fi network. When someone with a vulnerable iPhone or iPad connected, it could steal virtually any HTTP cookie stored on the device. Skycure researchers wrote: