iOS might be one of the most secure mobile operating system out there but even the best have loopholes. A recent loophole spotted by Israeli firm Skycure Security says that they have found a method to make use of the loophole and make the device vulnerable for open attacks that can steal the data from iOS devices. Malicious users can make use of remote profile installation service on iOS devices to allow malware to be installed on the device that can send user data to servers that steal the data by bypassing Apple’s sandbox protection.
Profiles are files that can be remotely installed from any source and can be designed to access any data on a user’s device. In general Apple has a strict approval process for apps that eliminate almost all of malware apps and beyond that they even have a sandboxing feature that restricts the app to data that it is supposed to access only. But profiles are something that can bypass both these features.
The security firm said that users should be careful in installing profiles on their devices. Even big and reputed carriers like AT&T ask their prepaid users to install a profile from an untrusted source to configure the device for data access. This can actually give an access to hackers to tweak the profiles and get access to user data.
There are a flood of app testing services (freemyapps, freeappslots, appbounty) rising up these days that promise freebies like apps, gift cards and other stuff for downloading apps from their sites and testing them out for a certain duration. Our users need to be careful before trying these sites because they rely on the same service as well by installing profiles on user devices.