Number: IRCNE2015102663
Date: 2015/10/24
According to “zdnets”, Apple has fixed 49 separate security vulnerabilities in iOS 9.1. The company, which released the software on Wednesday for iPhones and iPads, detailed the flaws in its updated security documentation.
Two of the fixes were credited to PanguTeam, a well-known jailbreak team based out of China, which earlier this month released the first jailbreak tool for devices running iOS 9.
Jailbreaking (similar to "rooting" for Android phones) allows a user to gain access to more features on a iPhone or iPad, but it comes with additional security risks. It's not illegal but it will void a user's warranty.
Apple said a heap based buffer overflow issue could allow a malicious app "to elevate privileges," similar to how jailbreaking works. Another flaw allows a malicious app to exploit a memory corruption issue to "execute arbitrary code with kernel privileges," which Apple said it fixed this flaw with improved memory handling.
Once a user updates to iOS 9.1, which fixes these flaws, their existing jailbreak will be removed. PanguTeam's updated jailbreak tool, also released Wednesday, does not support iOS 9.1.
Of the other notable flaws, Apple said it fixed a denial-of-service issue in the kernel, and a privacy flaw where phone and message notifications may appear on the lock screen even when the setting is turned off.
- 7