Be careful which WiFi hotspots you use — Skycure has just revealed a web-based exploit that lets attackers hijack an iOS device on the same network through its mobile apps. The technique intercepts some apps’ attempts to cache a web status message, redirecting the request to a hostile server; after that, an intruder can stealthily inject malware from any location.
Thankfully, there are already some solutions at hand. Victims can uninstall apps to scrub their devices clean, and Skycure has released app code that prevents the web caching from taking place. It may be a while before iOS users can assume that their apps are safe, but we wouldn’t expect the vulnerability to remain for long.
[via]
