An article over at eSecurityplanet details the latest release of Metasploit, including details on how it now has exploit modules for iOS devices.
Metasploit is an open-source framework designed to help with things like penetration testing and security audits. Since its inception in 2003, it has become a one-stop-shop for everything security related, from having a vulnerability database to anti-forensic tools designed to hide your tracks once you've accessed a vulnerable system. The latest version, 3.7, contains at least 35 additional modules, various performance improvements and marks the first time the framework targets Apple's iOS platform.
if you own an iPhone or an iPad, you can rest easy, the exploits demonstrated at this year's Pwn2Own has already been patched by Apple and the Metasploit example requires a user to already have access to your iTunes system. While this may sound somewhat unlikely, HD Moore, who created Metasploit, was quick to point out that in a corporate environment this would be a likely scenario:
"In large corporate environments, a single domain administrator login can yield access to hundreds of desktop systems, and the Metasploit Pro product makes it easy to scavenge these iTunes backup files from the entire network at once" - HD Moore
It's hard to understate the popularity of Apple's devices and with their own Mac OS attracting unscrupulous attention, it was only a matter of time before people started to target iOS. Still, for your average Apple owner, not much has changed - staying up to date should be more than enough to keep you safe.
5 Comments - Add comment