apple

iOS client certificate authentication or iOS13.5 – the real important fix

“Apple Safari before 6.2.5, 7.x before 7.1.5, and 8.x before 8.0.5 does not properly select X.509 client certificates, which makes it easier for remote attackers to track users via a crafted web site.”

https://nvd.nist.gov/vuln/detail/CVE-2015-1129#VulnChangeHistoryDiv

Impact: Users may be tracked by malicious websites using client certificates

Description: An issue existed in Safari’s client certificate matching for SSL authentication. This issue was addressed through improved matching of valid client certificates.

security content of iOS 9 @apple

apple, security

apple adds more barriers to increase security

as far fas know from this ios 12.2 beta, there are several improvement/changes, at least in regards to the users security

enroll here: beta.apple.com

ssl security

not just since edward snowden, chelsea manning and other leaked infromation – your data matters – apple adds the noticable change in safari when browsing at webages that a not secure

@ios.gadgethacks.com
This image has an empty alt attribute; its file name is arrow-e1536485014760.jpg

read more about ssl strip @wifi security today and attack vectors

profile installation

profile at ios devices mean everything in enterprise, to enroll a private users device in emm system it is nessccary to manually install the ios mdm profile – before ios 12.2 the profile popped up to install – beginning with the new release, after successfully authenticated with emm the ios profile is download, user needs to manually navigate to settings and select to install profile

motion data

the new motion & orientation access stetting is toggled off by default, a webpage is unable to get accelerometer and gyroscope data from the iPhone – test at what web can to today website with iOS 12.2 beta

ios13 should be available in about 4 months