Emerging Threats

iOS device users should update to 9.2.1 now

iOS device users- update your software now! Apple released an update to iOS 9 this week, which fixes a three-year old cookie theft bug. Cookies are small files that contain various types of data that remember a user, and are placed on your computer or mobile device by websites you visit. This flaw can allow hackers to impersonate users and steal sensitive information by creating a malicious public Wi-Fi network. The hackers then wait for a compromised user to join the network and redirect them to a malicious website designed to steal user credentials. From there, the hacker would be able to open the embedded browser screen you would see when joining a public Wi-Fi network, load content into a user’s phone and execute it without them knowing.

Other ways that this bug can cause mischief:

  • If you are logged in to online services, the bug could steal your authentication cookies and later pretend to be you. Your accounts could be hijacked.
  • If you weren’t logged in, the bug could log you in as someone else, and set authentication cookies for later. You’d think you were logged in, but your later interactions with services could happen under someone else’s name.
  • The flaw can help attackers send users to spoofed websites, which could affect browsing. It can trick the browser into using malicious JavaScript and allowing malware onto the device.

As always, this is a great reminder that you should install updates whenever they become available. They may seem annoying and unimportant, but this fix goes to show that they are quite the opposite. Generally, people don’t tend to look at what the software offers in the update, and in this case, while there are many bug fixes and improvements in this latest version of iOS, it contains the fix for a crucial, three year old flaw. If you’re not sure how to update your Apple devices, you can learn how in their support article.