The vulnerability affects a file known as mobileconf files, which are used by cell phone carriers to configure system-level settings. These can include Wi-Fi, VPN, email, and APN settings. Apple used to use them to deliver patches, and carriers sometimes use them to distribute updates.
Adi Sharabani, CEO and co-founder of Skycure, made a demonstration that how sensitive information, including the victim's exact location, could be retrieved, while also controlling the user's iPhone.
In Demo, he setup a fake website with a prompt to install a configuration profile and sent the link out to Victim. After installing it, he found out they were able to pull passwords and other data without his knowledge.
These malicious profiles can be emailed or downloaded from Web pages and after being installed, and attacker able to change a large number of iPhone settings.
If used maliciously, these profiles can be very dangerous. Even though their use is approved by Apple, they aren't subject to the standard sandboxing rules that apply to third party App Store apps and websites.
Other than an attack on privacy, this could lead to more dangerous consequences as an example, it is quite easy to change a GPS destination while driving and send the smartphone owner to a location the attacker chooses.
Other than an attack on privacy, this could lead to more dangerous consequences as an example, it is quite easy to change a GPS destination while driving and send the smartphone owner to a location the attacker chooses.
