Apple was left red-faced when its newly launched iOs 11.1 and Safari were reportedly hacked several times by security researchers at a hacking competition called Pwn2Own in Tokyo on November 1, 2017. The contest was conducted by Trend Micro and researchers from “Tencent Keen Security Lab” participated in it.
Dustin Childs of the Tipping Point-founded Zero Day Initiative said “they (white hat hackers) used a total of four bugs to gain code execution and escalate privileges to allow their rogue application to persist through a reboot.”
“It took them just a few seconds to successfully demonstrate their exploit, which needed only two bugs — one in the browser and one in a system service to allow their rogue app to persist through a reboot,” said Childs.
One of the fault that researchers managed to pick was related to newly discovered series called Key Reinstallation Attacks (KRACK) vulnerability in the Wi-Fi Protected Access II (WPA2) protocol.
Two critical vulnerabilities were found in Apple’s Safari web browser. The bugs earned the researchers $70,000 in awards.
Apple, that is fixing the patches, released iOS 11.1, the latest version of the iPhone and iPad operating system on October 31, 2017, with several new features, emojis, and security fixes including a patch for KRACK vulnerability.
Apple has been given 90 days to respond to the discoveries.
In September this year, a security researcher broke vulnerability for Apple’s new operating system, macOS High Sierra, on same day the software was released.
