iOS Sandbox Vulnerability Puts Enterprise Data at Risk
"Change is the only constant thing," as it is known could be now modified as "Change is the only constant thing*," where the * means Terms and conditions apply!

A change (Mobile Device Management solutions-MDM, Bring Your Own Device-BYOD) was brought to the organizations, (which later became necessities) for smooth workflow and management of an organization; where resides mobile and other computing devices in masses.

The devices, as well as the MDM solutions, are at risk, as reported.

Security researchers at Appthority Mobile Threat Team, have found a vulnerability in the sandbox app within the Apple's iOS versions prior to 8.4.1, which makes the configuration settings of managed applications to be openly accessed by anyone.

QuickSand – Loophole in Sandbox

The vulnerability is assigned CVE-2015-5749 and is named as 'QuickSand' because of the loophole being present in the Sandbox.

Mobile Device Management (MDM) refers to managing the deployment, security and integration of all the mobile devices, including smartphones, tablets, and laptops, in an organization.

The aim of MDM solutions is to increase the use of mobile devices by keeping them secure within the enterprise while simultaneously protecting the corporate network.

MDM solutions are mostly dependent on vendors who implement the services based on their devices' management features.

MDM and EMM (Enterprise Mobility Management) solutions are delivered by vendors like FancyFon, AirWatch, MobileIron and AmTel MDM, allowing organizations to install corporate apps, including configuration and credentials, to its mobile devices.

This poses as a solution for employees to get an easy access to corporate resources.

Now, the researchers claim this violation is capable of affecting all MDM clients as well as any mobile apps distributed via an MDM in a corporate environment that use the 'Managed App Configuration' setting to configure and store private settings and information.

Here's what the researchers at Appthority wrote in a blog post:
The underlying issue with our critical sandbox violation discovery is that not only can a mobile app (or the MDM app itself) have access to this sensitive set-up and authentication information stored on the device, but anyone (or any app on any device) can also see the credential [data] on the mobile device as it is stored 'world readable'.

How the Attack Works?

The attackers can fool the users - in an environment where the MDM solution has been implemented - in two ways:
  1. Pushing a malicious app in the complete organization, imitating as a productivity app that many users may install.
  2. Targeting a particular user and luring him into various cyber attacks like phishing.
This is a vital situation, where chances of an organization becoming victims of the severe cyber attack are high. Sensitivity and size of the information being managed using MDM solutions do matter.

As today, the vulnerability may not be that critical in nature but it has certainly opened gates for the potential attackers to get away with the data and information.

Appthority and Apple security have worked together to the fix the vulnerability, which has been patched but for the iOS version 8.4.1 as of now.

Further, Appthority Mobile Threat Team has demonstrated the weakness with the MDM and provides some recommendations; you can link to their official blog for in-depth details.

Found this article interesting? Follow us on Twitter and LinkedIn to read more exclusive content we post.