Apple to patch iOS 10 security vulnerability


Apple is to push an update to patch a vulnerability found in its latest operating system, iOS 10. The flaw could allow hackers to access passwords and other data, including that generated by the Health app.

Russian firm Elcomsoft found the problem in iOS 10’s backup protection mechanism. The flaw allows hackers to use brute force to gain access to information when a device is backed up to a computer, whether a PC or a Mac.

In a blog post, Elcomsoft’s Oleg Afonin wrote: “We discovered a major security flaw in the iOS 10 backup protection mechanism. This security flaw allowed us [to] develop a new attack that is able to bypass certain security checks when enumerating passwords protecting local (iTunes) backups made by iOS 10 devices.”

He added that the firm discovered “an alternative password verification mechanism added to iOS 10 backups”. When they looked into it, he said Elcomsoft found that the new mechanism skips certain security checks, which allowed them to try out different passwords approximately 2,500 times faster compared to the mechanism used in iOS 9.

Speaking to Fortune, an Apple spokesperson said the firm was aware of the problem, adding that it was “addressing this issue in an upcoming security update”.

The spokesperson said: “This does not affect iCloud backups. We recommend users ensure their Mac or PC are protected with strong passwords and can only be accessed by authorised users.”

iOS users have been advised to avoid doing anything that might compromise their devices or computers, including using common passwords.