Number: IRCNE2014102350
Date: 2014/10/21
According to “zdnet”, the big news about iOS 8.1, released today, is support for Apple Pay and a few less-notable features. But there are some new security updates.
It's only about a month since iOS 8.0 was released fixing 53 vulnerabilities in 7.1, so not much is likely to have crept up in the meantime.
iOS 8.1 fixes five vulnerabilities in version 8.0. One of them is the POODLE vulnerability in SSL version 3, already fixed in most other Apple software.
Other bugs fixed in this update:
If an iOS device had already been paired with a Bluetooth accessory of a certain type, then an attacker could spoof the accessory and establish an unencrypted connection with the iOS device.
Sometimes files written to an app's Documents directory were encrypted with a weak key.
An attacker on the same network segment could force iCloud data access clients to leak sensitive information.
QuickType, the new software keyboard in iOS 8, could learn user credentials.
Apple also released Apple TV 7.0.1 today, fixing two vulnerabilities. One of these is the POODLE bug and the other is the Bluetooth pairing bug described above for iOS.
- 2