Number: IRCNE2014092322
Date: 2014-09-20
According to “zdnet”, with the release of iOS 8 Apple has disclosed 53 vulnerabilities that are fixed in the new version.
The most serious vulnerabilities would allow an attacker to execute code on the device with root privileges. Several others allow execution of code with kernel or system privileges. These vulnerabilities require the ability to execute code on the device, but that could be accomplished with one of the many remote code execution vulnerabilities also disclosed. Many of these are in the Webkit browser engine, meaning that such an attack could be launched if the user visited a malicious web page.
These issues, many of them severe, remain in earlier versions of iOS. It is Apple's usual practice not to fix them on earlier versions, so users who remain on iOS 7.x remain vulnerable to these issues.
Less shocking, but still severe is the ability for a rogue access point to steal iOS Wi-Fi credentials using an old and broken authentication protocol which was on by default in iOS. The protocol (LEAP) is disabled by default in iOS 8.
Other vulnerabilities are serious, if not so serious as those already described. They could allow attackers to access sensitive information such as logs or the user's Apple ID. Several allow attackers to determine kernel memory characteristics and bypass protections such as ASLR (Address Space Layout Randomization).
- 5