Changes in iOS 7 Security Make Kernel More Vulnerable to Attack - MacRumors
Skip to Content

Changes in iOS 7 Security Make Kernel More Vulnerable to Attack

by

A security researcher claims changes Apple made to tighten its kernel security system in iOS 7 instead weakened the system, making it less secure than its iOS 6 counterpart. (Via CNET and ThreatPost) Azimuth Security researcher Tarjei Mandt discovered the flaw and presented his findings last week at CanSecWest.

The security flaw involves the random number generator Apple uses to secure its kernel. In iOS 6, the number generator that encrypted the kernel derived its values in part from the CPU clock counter. Because it was based on time, the encryption was only marginally secure as the output values were predictable, especially when examining successive numbers.

ios7-early-random-number
Apple was aware of the limitations in iOS 6 and attempted to tighten security in iOS 7 by changing the random number generator to a linear congruential generator, which is more susceptible to brute force attacks.

The problem with the new generator in iOS 7 is that it uses a linear recursion algorithm, Mandt said, which has "more correlation" between the values it generates. That makes them easier to extrapolate and guess, he said.

This flaw potentially allows a malicious hacker to gain kernel-level access to an iOS device via an unpatched vulnerability. The kernel is the base part of the iOS operating system and controls low-level functions such as security and resource allocation.

Apple approached Mandt about his findings and asked for his CanSecWest slide presentation.

Related Forum: iOS 7

Top Rated Comments

C
Calexander3103
158 months ago
Deliberate back door?

Couldn't have been an accident that someone missed, could it? Nah....everyone get your tin foil hats out cause everyone's out to get us.


In reality, props to white-hat hackers like Mandt
Score: 9 Votes (Like | Disagree)
C
C DM
158 months ago
I like how negative things like this never makes it to the Front Page and not many throwing a punch at Apple like they do for other companies. I am sure if it was any other company, this news would have been the first frontage news. I feel this is done deliberately by MacRumors for generating $$. Just pathetic.
I came across this story on the front page of MacRumors, as I'm sure many others did.
Score: 3 Votes (Like | Disagree)
L
Laird Knox
158 months ago
Random Number Generators are a tricky business. The company I work for has a whole slew of patents and protected IP just for the RNG we use.
Score: 3 Votes (Like | Disagree)
ArtOfWarfare Avatar
ArtOfWarfare
158 months ago
Modern Intel chips (made after 2008 I think) have ISK which produces actual random values rather than pseudo ones. I guess ARM lacks that right now.
Score: 3 Votes (Like | Disagree)
dumastudetto Avatar
dumastudetto
158 months ago
Deliberate back door?

No. Apple would never do this. They never compromise on customer security for anyone.
Score: 3 Votes (Like | Disagree)
gnasher729 Avatar
gnasher729
158 months ago
It's not in the slides but I'd be curious to know how much brute force is required?
It reads like a restart would require calculation to start again?

Could an app be crafted inside the sandbox to not only gather enough info but to also then have enough time to process that info to get the information it needs to launch an attack without highlighting is presents.

Yes "security by obscurity" = bad. Yes, could be better.
Still if attack needs more than minutes of full throttle processing it goes to take some fairly careful crafting to hid it. Putting more in "Alert but not Alarmed" territory.

It's very hard to say how much of a problem there actually is. My understanding - which may be wrong - is that this random number generator is used at the very early stages while iOS is booting, and is then replaced with something a lot stronger. There's the claim that the random number sequence could be predicted, but then I wonder which non-Apple software would be running on the device at the early stages when this random number generator is in use. Quite possibly none at all.
Score: 2 Votes (Like | Disagree)
Read All Comments

Popular Stories

MacBook Pro Low Angle Wide Lens

Apple to Launch 'MacBook Ultra' With These Six New Features

Friday April 24, 2026 10:32 am PDT by
While the 14-inch and 16-inch MacBook Pro were just updated with M5 Pro and M5 Max chips last month, bigger changes are reportedly around the corner. According to Bloomberg's Mark Gurman, the higher-end MacBook Pro models will be receiving a major redesign by early 2027, and he said that Apple might use "MacBook Ultra" branding for them. If so, the MacBook Ultra would likely be a...
Read Full Article148 comments
Apple TV Thumb 3

Here's What's Coming in the 2026 Apple TV

Thursday April 23, 2026 12:08 pm PDT by
There are a lot of folks waiting for a new version of the Apple TV because the set-top box hasn't been updated since 2022. There is an update coming this year, but people will need to wait a bit longer because Apple is holding the next Apple TV until the new version of Siri comes out this fall. Design Apple TV design updates don't happen often, and that's not changing in 2026. The next...
Read Full Article164 comments
Mostly Screen iPhone Purple Feature 2027

20th Anniversary iPhone to Feature Custom 'Micro-Curved' OLED Panel

Friday April 24, 2026 3:34 am PDT by
For its 20th-anniversary iPhone, Apple is tapping Samsung to produce a custom micro-curved OLED display that is brighter and thinner than existing panels, according to new supply chain information out of China. Apple is reportedly considering a radical redesign for the 20th-anniversary iPhone that could feature a completely bezel-less display that curves around all four edges of the device. ...
Read Full Article106 comments