Apple’s iOS 8 fixes enterprise Wi-Fi authentication hijacking issue
Apple’s iOS 8 addresses a serious weakness that could allow attackers to hijack the wireless network authentication of Apple devices and gain access to enterprise networks.
“An attacker could have impersonated a WiFi access point, offered to authenticate with LEAP, broken the MS-CHAPv1 hash, and used the derived credentials to authenticate to the intended access point even if that access point supported stronger authentication methods,” Apple said in its security advisory for iOS 8.
The vulnerability stems from Apple’s implementation of the WPA2-Enterprise security protocol that’s widely used on corporate wireless networks because it allows clients to have unique access credentials instead of using a preshared password like in the case of WPA2-Personal, the wireless security protocol used on home networks.
To read this article in full or to leave a comment, please click here