Fix broken web address links

23.Oct.2021

A recently described flaw in iOS that allows man-in-the-middle attackers to inject arbitrary HTTP headers is now being exploited by cybercriminals, according to a blog post published today by an independent security researcher.

Mac users surfing the Web on their devices are advised to watch out for "unusual or suspicious" DNS server configurations, because iOS's SSL/TLS library will accept certificates signed with weak algorithms, resulting in encrypted HTTPS traffic being compromised. The issue was discovered earlier this month by developer Felix Krause who warned about the dangers of open redirects used by third-party apps after his app review request was rejected based on the reason that it would break user trust.

The root cause found by Mr. Krause is that iOS doesn't "sufficiently verify certificates," which in turn allows attackers to perform a man-in-the-middle (MITM) attack and redirect traffic to sites of their choosing. "If an attacker sets up a wifi network called 'attwifi' and configures her device to automatically join this network, then she can exploit this issue," he said in his blog post.

Mr. Krause noted that routers with DNS hijacking enabled can also be used for MITM attacks. To protect against such threats, users should only connect to trusted encrypted networks when on mobile data or unsecured Wi-Fi connections; Safari's private mode is not affected by SSL/TLS issues, nor does it support third-party plugins like Flash.

The researcher also suggested disabling JavaScript (Safari > Advanced) to block ads that are known to distribute malware, avoiding third-party apps when possible, and getting your news from trusted sources. Apple is reportedly already working on a patch for this serious flaw in its mobile operating system.

Title: iOS gets open redirect vulnerability - exploit already in the wild!

Danger level: High Risk

Discovered by: Felix Krause (http://felix-krause.de) at Eyeo Festival 2014

What it does: Allows attackers to perform a man-in-the-middle attack and redirect traffic to sites of their choosing. Affects all applications which make use of third-party URL schemes. [The issue was discovered earlier this month by developer Felix Krause who warned about the dangers of open redirects used by third-party apps after his app review request was rejected based on the reason that it would break user trust.]

Impact: Can perform a MITM attack and redirect traffic to sites of the attacker's choosing.

Affected Operating Systems: iOS (tested on 7.1)

Severity (1-10, 10 being most severe): 8 (multiple redirects can be chained and used to attack users, e.g. phishing, malware distribution, etc.)

How to protect yourself: Disable JavaScript (Safari > Advanced) to block ads that are known to distribute malware; do not install third-party apps as they can access your traffic as well; use proxies such as Squid or Privoxy for HTTP(S)/HTTP2 traffic; only connect to trusted encrypted networks when on mobile data or unsecured Wi-Fi connections; don't click untrusted links and don't open untrusted attachments! Safari's private mode is not affected by SSL/TLS issues, nor does it support third-party plugins like Flash.

Description: Mac users surfing the Web on their devices are advised to watch out for "unusual or suspicious" DNS server configurations, because iOS's SSL/TLS library will accept certificates signed with weak algorithms, resulting in encrypted HTTPS traffic being compromised. The issue was discovered earlier this month by developer Felix Krause who warned about the dangers of open redirects used by third-party apps after his app review request was rejected based on the reason that it would break user trust.

The root cause found by Mr. Krause is that iOS doesn't "sufficiently verify certificates," which in turn allows attackers to perform a man-in-the-middle (MITM) attack and redirect traffic to sites of their choosing. "If an attacker sets up a wifi network called 'attwifi' and configures her device to automatically join this network, then she can exploit this issue," he said in his blog post.

Mr. Krause noted that routers with DNS hijacking enabled can also be used for MITM attacks. To protect against such threats, users should only connect to trusted encrypted networks when on mobile data or unsecured Wi-Fi connections; Safari's private mode is not affected by SSL/TLS issues, nor does it support third-party plugins like Flash. The researcher also suggested disabling JavaScript (Safari > Advanced) to block ads that are known to distribute malware, avoiding third-party apps when possible, and getting your news from trusted sources.

Apple is reportedly already working on a patch for this serious flaw in its mobile operating system. In the meantime, users can avoid such attacks by using only secure connections with trusted servers and changing DNS server settings to use their own or public services like Google's (8.8.8.8, 8.8.4.4) instead of a local ISP's DNS server, which might be hijacked by attackers to perform MITM attacks [http://www.itworldcanada.com/2014/11/15/mitm-attack-iphone-users-at-risk-from-sslvulnerabilities/].