libnetcore in Apple iOS prior to 8.3, Apple OS X prior to 10.10.3, and Apple TV prior to 7.2 allows malicious users to cause a denial of service (memory corruption and application crash) via a crafted configuration profile.
'Phantom' hack sends your iThings into a tailspin of torpor
A vulnerability fixed in this week's Apple patch run can easily brick iPhones, researchers say.
The flaw (CVE-2015-1118), dubbed "Phantom", allows attackers who can trick users into changing their iDevice proxy settings to tap into multiple use-after-free vulnerabilities.
Doing so causes constant crashes across apps, including the system platform. Rebooting sends affected devices into a "coma" state.
FireEye bods Zhaofeng Chen, Hui Xue, Tao Wei, and Yulong Zhang say attackers...
If left unpatched, one of the vulnerabilities fixed in this week’s iOS update could render an iPhone nearly useless. If triggered, it could cause networking apps to quit and the system to grind to a halt. In some cases, the device could not even be rebooted.
The vulnerability, nicknamed Phantom by researchers at FireEye, stems from a misconfiguration in iOS’ HTTP proxy settings. If an attacker tweaked a device’s proxy values accordingly, they could cause several use-after-free...