This is because Adi Sharabani and Yair Amit from SkyCure, a mobile device security company, have unveiled the vulnerability iOS 8 during the 2015 RSA Conference. It will enable hackers to crash any iPhone or iPad which connects to a wireless network.
Due to this vulnerability, the hackers will be able to manipulate SSL certificates which are used by almost every single app on Apple’s App Store. The hackers will then send them over Wi-Fi to the victim, causing the iPhone or iPad to crash and reboot.
However, SkyCure has provided only limited technical details becuase it does not want the attackers to know the exact method. The company also affirmed that it is working with Apple to help remove the potential vulnerability in iOS 8.
SkyCure has explained in a blog post that for the DoS to actually happen, a Wi-Fi router would need to be setup with a “specific configuration.” A particularly designed SSL certificate would be required for a hacker to perform the DoS, with a script exploiting this bug that SkyCure says is within iOS 8 and the apps on it:
“With our finding, we rushed to create a script that exploits the bug over a network interface. As SSL is a security best practice and is utilized in almost all apps in the Apple app store, the attack surface is very wide. We knew that any delay in patching the vulnerability could lead to a serious business impact: an organized denial of service (DoS) attack can lead to big losses.”
The attackers will not able to access any critical information from your device. The attack’s effects are limited to crashing connected iPhones and iPads.
This type of attacks are likely to be used at events such as protests, concerts, marches and other events where a lot of people will be looking to connect to wireless networks.