Number: IRCNE2014072234
Date: 2014-07-02
According to “zdnet”, Apple has released new versions of iOS, OS X, Safari and Apple TV, and disclosed the vulnerabilities fixed in those new versions. A total of 60 unique vulnerabilities are addressed in the products. As is common with Apple, some of the vulnerabilities are quite old.
iOS 7.1.2 fixes 44 vulnerabilities in the previous version. These include two lock screen bugs and two which could allow bypass of Find My iPhone and Activation Lock, the new anti-theft measures. The new version also adds encryption of attachments in the Mail app, a problem first reported two months ago. The usual long list of WebKit bugs is fixed and the list of trusted root certificates was updated.
OS X Mavericks v10.9.4 and Security Update 2014-003 fix 19 vulnerabilities in earlier versions. Several privilege escalation bugs are listed here; in combination with an arbitrary code execution bug, which is also readily available, an attacker could take complete control of the system.
Safari 6.1.5 and Safari 7.0.5 fix 12 vulnerabilities in earlier versions. The most interesting is CVE-2014-1345, by which an attacker could spoof the domain name in the address bar, an excellent phishing tool.
Finally, Apple TV 6.1.2 fixes 35 vulnerabilities in earlier versions, many of them the same as those fixed in OS X and iOS.
- 2