Sandbox violation in Apple's iOS affects MDM users, could enable breaches
Successful exploitation of the bug could result in the exposure of corporate credentials and servers to access.
Researchers with mobile security firm Appthority have identified a critical vulnerability in Apple's iOS mobile operating system.
Referred to as Quicksand, the sandbox violation vulnerability impacts all mobile device management (MDM) clients and any mobile apps distributed via an MDM that use the “Managed App Configuration” setting, a Wednesday post explained.
Ultimately, an attacker “with access to an MDM managed device can read all managed configuration settings for an unpatched device,” the post said.
Based on the types of apps that are open to the vulnerability, successful exploitation of the bug could result in the exposure of corporate credentials and servers to access, Kevin Watkins, chief data scientist with Appthority, told SCMagazine.com in a Thursday email correspondence.
This could lead to a compromise of corporate email and corporate documents, as well as back-end services, such as patient data servers, Watkins said. The post explained that exploiting the vulnerability requires a malicious app to be installed on a vulnerable device.
“[An attacker] would need to get their app installed on the mobile device that is accessing the corporate data,” Watkins said. “This could be targeted, such as sending an email to a specific company with a link to their app, using an app store, or in extreme cases getting access to the mobile physical device. Once they have their app installed on the device, it's just a few lines of code to retrieve [the information] they need.”
Apple addressed the vulnerability in its recent iOS 8.4.1 update, but Appthority noted in its post that as many as 70 percent of devices might not be running the latest version of the mobile operating system and are therefore at risk.
Additional recommendations from Appthority include not storing any credentials or authentication tokens on the mobile device filesystem, always storing credentials and other secrets using the device keychain, and using iOS single-sign-on profiles whenever possible.
Watkins said the bug could lead to a full on data breach. “One of the most common type of enterprise apps we found are apps that access corporate document servers, and those documents often contain the jewels of the company,” he said.