SandJacking Attack Puts iOS Devices At Risk to Rogue Apps
Apple has yet to patch a vulnerability disclosed during last week’s Hack in the Box hacker conference in Amsterdam that allows an attacker with physical access—even on the latest versions of iOS—to swap out legitimate apps with malicious versions undetected on the device.
Researcher Chilik Tamir of mobile security company Mi3 Security disclosed during his talk at the show that an iOS mitigation for a previous attack he’d developed was incomplete and that, with a modification, he could still infect non-jailbroken iOS devices with malicious or misbehaving apps.
Apple declined to comment on the vulnerability, which it has known about since Jan. 27. On May 23, Apple informed Tamir that it was working on a patch.