Researchers from Singapore identified three security vulnerabilities in Apple's iOS platform between June to October last year which were then fixed by the computing giant in the latest version of its operating system, the iOS 7.
Singapore Management University's (SMU) School of Information Systems and the Infocomm Security Department at Institute for Infocomm Research (I2R), a unit of the Singapore government A*STAR, said their researchers unveiled a generic attack vector that enables third-party applications to launch attacks on non-jailbroken iOS devices.
The research team constructed multiple proof-of-concept attacks such as cracking the device PIN, blocking incoming calls and posting unauthorised tweets. To overcome these security breaches, the team proposed several mitigation methods to enhance the vetting process and the iOS application sandbox. Apple was notified of these security vulnerabilities and rectified them for the launch of iOS 7.
"I2R's expertise in the infocomm security arena has once again been harnessed to benefit the mobile community," said Dr Tan Geok Leng, Executive Director of the Institute for Infocomm Research (I2R).
"The enhanced data protection, secured telephony functionality and protected Twitter functionality will let iOS end-users utilise their mobile devices for leisure or work with peace of mind," said Tan.
"I am pleased to note that our researchers have been able to leverage our expertise and technologies to enhance security in cyber space, and in this case help strengthen the security of the iOS platform to protect the security and privacy of businesses and individuals," said Professor Steven Miller, Vice Provost of Research and Dean of the School of Information Systems, SMU.
Sign up for Computerworld eNewsletters.