Authored by a Symantec employee


iOS device users- update your software now! Apple released an update to iOS 9 this week, which fixes a three-year old cookie theft bug. Cookies are small files that contain various types of data that remember a user, and are placed on your computer or mobile device by websites you visit. This flaw can allow hackers to impersonate users and steal sensitive information by creating a malicious public Wi-Fi network. The hackers then wait for a compromised user to join the network and redirect them to a malicious website designed to steal user credentials. From there, the hacker would be able to open the embedded browser screen you would see when joining a public Wi-Fi network, load content into a user’s phone and execute it without them knowing.

Other ways that this bug can cause mischief:

  • If you are logged in to online services, the bug could steal your authentication cookies and later pretend to be you. Your accounts could be hijacked.
  • If you weren’t logged in, the bug could log you in as someone else, and set authentication cookies for later. You’d think you were logged in, but your later interactions with services could happen under someone else’s name.
  • The flaw can help attackers send users to spoofed websites, which could affect browsing. It can trick the browser into using malicious JavaScript and allowing malware onto the device.

As always, this is a great reminder that you should install updates whenever they become available. They may seem annoying and unimportant, but this fix goes to show that they are quite the opposite. Generally, people don’t tend to look at what the software offers in the update, and in this case, while there are many bug fixes and improvements in this latest version of iOS, it contains the fix for a crucial, three year old flaw. If you’re not sure how to update your Apple devices, you can learn how in their support article.

Disclaimers and references:
Symantec Corporation, the world’s leading cyber security company, allows organizations, governments, and people to secure their most important data wherever it lives. More than 50 million people and families rely on Symantec’s Norton and LifeLock comprehensive digital safety platform to help protect their personal information, devices, home networks, and identities.

© 2018 Symantec Corporation. All rights reserved. Symantec, the Symantec Logo, the Checkmark Logo, Norton, Norton by Symantec, LifeLock, and the Lockman Logo are trademarks or registered trademarks of Symantec Corporation or its affiliates in the United States and other countries. Firefox is a trademark of Mozilla Foundation. Google Chrome is a trademark of Google, Inc. Mac, iPhone and iPad are trademarks of Apple Inc. Microsoft and the Windows logo are trademarks of Microsoft Corporation in the United States and/or other countries. The Android robot is reproduced or modified from work created and shared by Google and used according to terms described in the Creative Commons 3.0 Attribution License. Other names may be trademarks of their respective owners.