Here’s How the Vulnerability Worked
&
Once accepted, the affected user is able to browse the Internet normally, but the embedded browser shares its unencrypted cookie store with the Safari browser.
Here’s the List of Attacks a Hacker can Perform
According to researchers, this captive portal vulnerability allows an attacker to:
Perform an Impersonation Attack – Attackers could steal users’ unencrypted (HTTP) cookies associated with a website of their choice, allowing them to impersonate the victim’s identity on the particular website.
Perform a Session Fixation Attack – This means, logging the victim into an attacker-controlled account (because of the shared Cookie Store). When the victims browse to the affected site via the Safari mobile browser, they’ll be logged into the hacker’s account instead of their own.
Perform a Cache-Poisoning Attack on the websites of the attacker’s choice (by returning an HTTP response with caching headers). In this way, the attacker could execute malicious JavaScript every time the victim connects to that website in the future via the Safari mobile browser.
Patch Your Device Right Now!
The flaw affected iPhone 4S and iPad 2 devices and later. However, the vulnerability has been resolved with the release of iOS 9.2.1 in which there is an isolated cookie store for captive portals that will keep hackers at bay.
Skycure says that this is the longest time ever taken by Apple to fix a bug, but the patch was much more complicated than it would be for a typical bug. Though, the company says it has no reports of exploits in the wild.
So, in order to keep yourself safe from such attacks, download iOS 9.2.1 as an over-the-air update from the Settings menu on your iOS device right now.