An Omani official from the Oman National Computer Emergency Readiness Team (OCERT) has discovered an iOS loophole in iPhone 6S phones and later that could lead to a leak of user information to unauthorized people. 

Apple has said that the loophole was in its Quick Look feature and affected iPhone 6S and later phones.

According to the statement by Apple, the impact of the loophole was “Processing a maliciously crafted file may disclose user information, a permissions issue existed in which execute permission was incorrectly granted."

“This issue was addressed with improved permission validation,” the statement added.

Apple thanked Saif Al Hinai of OCERT and Yigit Can Yilmaz for the discovery.

A statement by OCERT read: “The loophole was an issue in permissions that gave an incorrect permission that would allow user data to be leaked.

“OCERT, represented by the researcher Saif Al Hinai, Senior Cyber-security Analyst, has been able to discover the security loophole in the iOS system of Apple. The centre contacted apple to provide the details of this loophole.”

Apple worked on resolving the issue and then documented it in the name of Al Hinai and one other man.

“After that, the company conducted its investigation and fixed the loophole in its lates iOS 13. Apple has also documented the loophole’s discovery in the name of the centre and the Omani researcher on 27 September, 2019, using the identifier code CVE-2019-8731.”

This is not the first time that the centre has found loopholes in Apple phones.

“This is the second discovery of loopholes in the name of an analyst at OCERT. The first was documented on 20 December, 2016, with the identification number CVE-2016-7667."

“Discovering these loopholes in the iOS systems is considered part of the cooperation in cybersecurity between OCERT and global technology companies.”

The centre added that people should always update their software in order to get the latest security features.
 

Share This Post