Security Firm Discloses Apple iOS 'Malicious Profile' Vulnerability Impact on MDM

San Francisco -- At the RSA Conference today, security start-up Skycure plans to disclose a vulnerability in Apple iOS devices that can impact mobile-device management (MDM) systems running on them.

According to Skycure co-founders Yair Amit, CTO, and Adi Sharabani, CEO, it's possible for an attacker to set up a hard-to-detect "malicious profile" hidden on the device to subvert the user. Skycure says the vulnerability has been shared with Apple and is expected to be patched in iOS 7.1. The threat of this "hidden profile" vulnerability extends to its possible impact on mobile-device management (MDM) software used on an unpatched iOS device, according to Skycure.

Through local WiFi access, an attacker exploiting this hidden "malicious profile" vulnerability could change the MDM settings on the user's device or otherwise tamper with it, says Sharabani. While the hidden-profile flaw should be easily patched, Skycure thinks the MDM part of this may be related to an underlying "flaw in the design of Apple iOS," he says, which could be "much harder to fix."

Skycure has seen the "malicious profile" attack in the wild. It hasn't seen the specific MDM attack yet, "but we're concerned it exists out there," Sharabani concluded.

Ellen Messmer is senior editor at Network World, an IDG website, where she covers news and technology trends related to information security. Twitter: MessmerE. E-mail: emessmer@nww.com

This story, "Security Firm Discloses Apple iOS 'Malicious Profile' Vulnerability Impact on MDM" was originally published by Network World.
