
Sinking into the iOS Quicksand Vulnerability

  • Posted on:September 6, 2015 at 7:38 pm
  • Posted in:Mobile, Vulnerabilities
  • Author:
    Trend Micro

Our investigation of the iOS Quicksand vulnerability (designated CVE-2015-5749) leads us to the conclusion that this security gap, despite the serious risk it poses to confidential data, is difficult to exploit because of the specific conditions it requires.

For instance, the MDM product must support and use the “push configuration” feature; this feature allows a device administrator to send configuration information together with any applications that are pushed to the user's device. This is a practice that Apple discourages.

Sinking into the Quicksand

Based on reports, the Quicksand vulnerability bypasses the iOS sandbox protection and affects mobile device management (MDM) clients. iOS versions before 8.4.1, which was released in August 2015, are affected by this security issue. Note that the Trend Micro mobile solutions with MDM features are not vulnerable to this security loophole or to any attacks that may leverage this vulnerability in the future.

The iOS sandbox separates or isolates each application from other applications and from the operating system (OS). It functions as a security measure, a kind of ‘safety net’, to prevent a malicious app from accessing the contents of the other apps on your device. However, successful exploitation of this vulnerability lets an attacker use an app carrying malicious code to read information stored in the configuration of other apps on the device.

Figure 1. The configuration is saved in the client’s directory, “/Library/Managed Preferences/mobile/.”

Figure 2. An attacker can exploit this vulnerability to read the sensitive information in this configuration

An attacker could also trick an employee or user into installing an app (which is actually malware) on the MDM client via the App Store or an enterprise certificate. With enterprise provisioning, organizations and companies can create their own in-house apps without going through the App Store's checking and verification process.

Imagine an enterprise setting in which in-house enterprise apps are deployed through MDM clients. IT administrators use these MDM clients to control and oversee all employee-owned or corporate-liable devices that access the corporate network and sensitive information. An attacker may capitalize on this notion of a ‘trusted source’ and lure employees into installing a malicious app that appears to come from their MDM, thinking it is legitimate.
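Since the exposure described above comes from secrets that an administrator places in a pushed configuration, a practical defensive check is to audit a managed configuration before it is pushed and flag any keys that look like credentials. The following is an added example written for this post, not Trend Micro's or Apple's code; the plist content is constructed, and the key-name pattern is a heuristic assumption.

```python
import plistlib
import re

# Heuristic: key names that typically hold secrets an MDM should not push
# into a directory that other sandboxed apps can read (assumed pattern).
SENSITIVE_KEY_PATTERN = re.compile(
    r"(pass(word|wd)?|secret|token|api[_-]?key|credential)", re.I
)


def find_sensitive_keys(obj, path=""):
    """Recursively walk a decoded plist and return the paths of keys whose
    names look like secrets and whose values are non-empty strings/bytes."""
    hits = []
    if isinstance(obj, dict):
        for key, value in obj.items():
            key_path = f"{path}/{key}" if path else str(key)
            if SENSITIVE_KEY_PATTERN.search(str(key)) and isinstance(value, (str, bytes)) and value:
                hits.append(key_path)
            hits.extend(find_sensitive_keys(value, key_path))
    elif isinstance(obj, list):
        for index, item in enumerate(obj):
            hits.extend(find_sensitive_keys(item, f"{path}[{index}]"))
    return hits


def audit_managed_config(plist_bytes):
    """Parse an XML or binary plist (as pushed to
    /Library/Managed Preferences/mobile/) and report suspicious keys."""
    return find_sensitive_keys(plistlib.loads(plist_bytes))


# Constructed sample of a managed app configuration with embedded secrets.
SAMPLE_CONFIG = b"""<?xml version="1.0" encoding="UTF-8"?>
<plist version="1.0">
<dict>
  <key>ServerURL</key><string>https://mdm.example.invalid</string>
  <key>Username</key><string>jdoe</string>
  <key>Password</key><string>hunter2</string>
  <key>Settings</key>
  <dict>
    <key>APIToken</key><string>abc123</string>
    <key>Theme</key><string>dark</string>
  </dict>
</dict>
</plist>"""

if __name__ == "__main__":
    for hit in audit_managed_config(SAMPLE_CONFIG):
        print(f"secret-like key in pushed configuration: {hit}")
```

Any key the audit reports should be removed from the pushed configuration and delivered through a channel that stays inside the app's own sandbox instead.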

Keeping things in (security) perspective

Although there are serious risks to enterprise data if this vulnerability is successfully exploited in the wild, the impact is minimal. For one, not all iOS devices have MDM clients turned on. We advise users to update their iOS devices to the latest version. For in-house apps, it is crucial for employees to first verify with their IT administrators that the deployed apps are valid and legitimate. This can prevent malicious apps from entering the corporate network and, consequently, stealing sensitive data.

Trend Micro detects this threat as IOS_PushCfgVul.A.
