wraggster
August 21st, 2015, 22:21
A vulnerability in Apple's iOS sandbox, which could affect personal information as well as configuration settings (https://www.appthority.com/enterprise-mobile-threats/2015/08/19/quicksand-a-new-enterprise-ios-vulnerability/), has been discovered by Appthority's Enterprise Mobility Threat Team. It affects all mobile device management (MDM) clients, and any mobile applications distributed by an MDM (http://www.computerworld.com/article/2973984/apple-ios/vulnerability-in-enterprise-managed-ios-devices-puts-business-data-at-risk.html) that use the "Managed App Configuration" setting for private data. An attacker could potentially create a rogue app, perhaps masquerading as a productivity tool to increase the chances of it getting installe
d, and then distribute the attack by means of the iTunes store (http://thestack.com/mdm-vulnerability-apps-apple-ios-sandbox-210815) or "spear fishing" email attacks.
http://apple.slashdot.org/story/15/08/21/1219247/mdm-vulnerability-in-apple-ios-sandbox-facilitates-rogue-apps
d, and then distribute the attack by means of the iTunes store (http://thestack.com/mdm-vulnerability-apps-apple-ios-sandbox-210815) or "spear fishing" email attacks.
http://apple.slashdot.org/story/15/08/21/1219247/mdm-vulnerability-in-apple-ios-sandbox-facilitates-rogue-apps