A security researcher claims changes Apple made to tighten its kernel security system in iOS 7 instead weakened the system, making it less secure than its iOS 6 counterpart. (Via CNET and ThreatPost) Azimuth Security researcher Tarjei Mandt discovered the flaw and presented his findings last week at CanSecWest.

The security flaw involves the random number generator Apple uses to secure its kernel. In iOS 6, the number generator that encrypted the kernel derived its values in part from the CPU clock counter. Because it was based on time, the encryption was only marginally secure as the output values were predictable, especially when examining successive numbers.

ios7-early-random-number
Apple was aware of the limitations in iOS 6 and attempted to tighten security in iOS 7 by changing the random number generator to a linear congruential generator, which is more susceptible to brute force attacks.

The problem with the new generator in iOS 7 is that it uses a linear recursion algorithm, Mandt said, which has "more correlation" between the values it generates. That makes them easier to extrapolate and guess, he said.

This flaw potentially allows a malicious hacker to gain kernel-level access to an iOS device via an unpatched vulnerability. The kernel is the base part of the iOS operating system and controls low-level functions such as security and resource allocation.

Apple approached Mandt about his findings and asked for his CanSecWest slide presentation.

Related Forum: iOS 7

Top Rated Comments

Calexander3103 Avatar
Calexander3103
145 months ago
Deliberate back door?

Couldn't have been an accident that someone missed, could it? Nah....everyone get your tin foil hats out cause everyone's out to get us.


In reality, props to white-hat hackers like Mandt
Score: 9 Votes (Like | Disagree)
C DM Avatar
C DM
145 months ago
I like how negative things like this never makes it to the Front Page and not many throwing a punch at Apple like they do for other companies. I am sure if it was any other company, this news would have been the first frontage news. I feel this is done deliberately by MacRumors for generating $$. Just pathetic.
I came across this story on the front page of MacRumors, as I'm sure many others did.
Score: 3 Votes (Like | Disagree)
Laird Knox Avatar
Laird Knox
145 months ago
Random Number Generators are a tricky business. The company I work for has a whole slew of patents and protected IP just for the RNG we use.
Score: 3 Votes (Like | Disagree)
ArtOfWarfare Avatar
ArtOfWarfare
145 months ago
Modern Intel chips (made after 2008 I think) have ISK which produces actual random values rather than pseudo ones. I guess ARM lacks that right now.
Score: 3 Votes (Like | Disagree)
dumastudetto Avatar
dumastudetto
145 months ago
Deliberate back door?

No. Apple would never do this. They never compromise on customer security for anyone.
Score: 3 Votes (Like | Disagree)
gnasher729 Avatar
gnasher729
145 months ago
It's not in the slides but I'd be curious to know how much brute force is required?
It reads like a restart would require calculation to start again?

Could an app be crafted inside the sandbox to not only gather enough info but to also then have enough time to process that info to get the information it needs to launch an attack without highlighting is presents.

Yes "security by obscurity" = bad. Yes, could be better.
Still if attack needs more than minutes of full throttle processing it goes to take some fairly careful crafting to hid it. Putting more in "Alert but not Alarmed" territory.

It's very hard to say how much of a problem there actually is. My understanding - which may be wrong - is that this random number generator is used at the very early stages while iOS is booting, and is then replaced with something a lot stronger. There's the claim that the random number sequence could be predicted, but then I wonder which non-Apple software would be running on the device at the early stages when this random number generator is in use. Quite possibly none at all.
Score: 2 Votes (Like | Disagree)
Read All Comments

Popular Stories

AirPods Pro 3 Mock Feature

AirPods Pro 3 Just Months Away – Here's What We Know

Friday April 18, 2025 5:16 am PDT by
Despite being more than two years old, Apple's AirPods Pro 2 still dominate the premium wireless‑earbud space, thanks to a potent mix of top‑tier audio, class‑leading noise cancellation, and Apple's habit of delivering major new features through software updates. With AirPods Pro 3 widely expected to arrive in 2025, prospective buyers now face a familiar dilemma: snap up the proven...
Read Full Article100 comments
iphone 17 air dummy unbox therapy

iPhone 17 Air's Extreme Thinness Demoed in New Video

Tuesday April 22, 2025 10:22 am PDT by
Apple plans to release an all-new super thin iPhone this year, debuting it alongside the iPhone 17, iPhone 17 Pro, and iPhone 17 Pro Max. We've seen pictures of dummy models, cases, and renders with the design, but Lewis Hilsenteger of Unbox Therapy today showed off newer dummy models that give us a better idea of just how thin the "iPhone 17 Air" will be. The iPhone 17 Air is expected to be ...
Read Full Article158 comments
iphone 17 dummies sonny dickson

iPhone 17 Air Almost as Thin as Its Buttons, New Images Show

Thursday April 24, 2025 2:14 am PDT by
If you missed the video showing dummy models of Apple's all-new super thin iPhone 17 Air that's expected later this year, Sonny Dickson this morning shared some further images of the device in close alignment with the other dummy models in the iPhone 17 lineup, indicating just how thin it is likely to be in comparison. The iPhone 17 Air is expected to be around 5.5mm thick – with a thicker ...
Read Full Article91 comments
ipad air windows 11 arm

M2 iPad Air Runs Windows 11 ARM via Emulation, Thanks to EU Rules

Tuesday April 22, 2025 5:01 am PDT by
A developer has demonstrated Windows 11 ARM running on an M2 iPad Air using emulation, which has become much easier since the EU's Digital Markets Act (DMA) regulations came into effect. As spotted by Windows Latest, NTDev shared an instance of the emulation on social media and posted a video on YouTube (embedded below) demonstrating it in action. The achievement relies on new EU regulatory...
Read Full Article99 comments
iphone 16 pro models 1

17 Reasons to Wait for the iPhone 17

Thursday April 17, 2025 4:12 am PDT by
Apple's iPhone development roadmap runs several years into the future and the company is continually working with suppliers on several successive iPhone models simultaneously, which is why we often get rumored features months ahead of launch. The iPhone 17 series is no different, and we already have a good idea of what to expect from Apple's 2025 smartphone lineup. If you skipped the iPhone...
Read Full Article105 comments
iOS 18

iOS 18.5 Includes Only a Few Changes So Far

Monday April 21, 2025 11:00 am PDT by
Apple seeded the third beta of iOS 18.5 to developers today, and so far the software update includes only a few minor changes. The changes are in the Mail and Settings apps. In the Mail app, you can now easily turn off contact photos directly within the app, by tapping on the circle with three dots in the top-right corner. In the Settings app, AppleCare+ coverage information is more...
Read Full Article91 comments
iPhone 17 Pro Blue Feature Tighter Crop

iPhone 17 Pro Launching Later This Year With These 13 New Features

Wednesday April 23, 2025 8:31 am PDT by
While the iPhone 17 Pro and iPhone 17 Pro Max are not expected to launch until September, there are already plenty of rumors about the devices. Below, we recap key changes rumored for the iPhone 17 Pro models as of April 2025: Aluminum frame: iPhone 17 Pro models are rumored to have an aluminum frame, whereas the iPhone 15 Pro and iPhone 16 Pro models have a titanium frame, and the iPhone ...
Read Full Article