A security researcher has warned iPhone and iPad users to upgrade to the recently rolled out iOS 9.2.1 if they don't want cybercriminals to steal their cookies and impersonate them.
Yair Amit of Skycure disclosed details regarding the flaw that he and Adi Sharabani uncovered, and which took Apple almost three years to fix. Amit says Skycure privately reported the bug in June 2013.
He says that this is the longest it has taken for Apple to fix a security flaw they reported.
The flaw, which Skycure calls the "shared cookie stores bug," is among the tons of bugs and security issues Apple has fixed with iOS version 9.2.1.
"When iOS users connect to a captive-enabled network (commonly used on most of the free and paid Wi-Fi networks at hotels, airports, cafes, etc.), a window is shown automatically on users' screens, allowing them to use an embedded browser to log into network via an HTTP interface," says Amit.
The user can then browse the Web normally, once accepted. However, the embedded browser shares the cookie store with Safari.
To put it simply, the hackers can steal the unencrypted cookies stored on a compromised iDevice. This can then result in impersonation attacks.
Based on an initial advisory of Apple, the flaw affected the iPhone 4s, the fifth-generation iPod Touch, the iPad 2 and later versions of those devices.
The security researcher underscores that downloading and installing the most recent iOS 9 update will fix this security flaw.
The iOS 9.2.1 update also fixes a particular issue that could halt the completion of app installation when the device owner uses a Mobile Device Management (MDM) server.
What the update doesn't fix, however, is the battery percentage indicator problem. Apple promises that it is already working on a solution to resolve this issue.
Even if iOS 9.2.1 is already released to the public, the company is already cooking up version 9.3. In fact, it already rolled out the iOS 9.3 beta version, which is packed with a slew of new features.
For one, we earlier reported that Apple now lets iPhone users hide default apps they never want to see and use. These home screen apps can be disabled by means of the bundle ID.
This latest iteration of iOS 9 will also bring in Night Shift Mode, which will make night-time reading easier on the eyes.