Number: IRCNE2015072557
Date: 2015/07/02
According to “zdnet”, Apple has released new versions of iOS and OS X with patches for dozens of security flaws.
The Cupertino, Calif.-based firm said in a security advisory that version 8.4 of the iOS mobile operating system contains over 20 fixes for vulnerabilities which could lead to remote code execution, application termination and the interception of encrypted traffic, among other issues.
Within the update, the iPad and iPhone maker has tackled the Logjam flaw, a cryptographic weakness in algorithms used by the Diffie-Hellman key exchange, a popular way for Internet protocols to agree on shared encryption keys and create secure communication channels.
As Diffie-Hellman is used in a number of protocols which rely on TLS as well as HTTPS, SSH, IPsec and SMTPS, tens of thousands of HTTPS websites and servers were made vulnerable to eavesdropping and the interception of secure communication, which in turn could lead to man-in-the-middle (MITM) attacks.
An interesting security problem now patched by Apple relates to Mobile Installation. An issue existed in the install logic for universal provisioning profile apps on the Apple Watch wearable, which allowed a collision to occur with existing bundle IDs. A malicious app could then prevent a Watch app from launching.
Certificate trust policy problems, memory corruption flaws, buffer overflow vulnerabilities and a host of WebKit, kernel and CoreText flaws were also patched in the latest iOS update.
User authentication exploits, remote code execution flaws, Apache compatibility issues, CoreText problems and multiple buffer overflow vulnerabilities were also addressed.