iOS 7.1 released, fixes a lot of security issues

10. March 2014 | Security

Today Apple pushed out iOS 7.1, which comes with some new features and enhancements but also quite a few security patches. These fixes make the update an important one that should be installed on any device that currently runs iOS 7. Owners of iPhone 4 and 4S can look forward to a more responsive overall experience, and with more control over contrast, brightness and white balance, some improved battery life can be expected as well. I find it runs noticeably smoother on my iPhone 5 as well.

The security issues addressed are described in this document, but here are a few highlights showing the part of the OS that was impacted and a description of how the vulnerability could be exploited:
Backup
Impact:  A maliciously crafted backup can alter the filesystem
Description:  A symbolic link in a backup would be restored, allowing
subsequent operations during the restore to write to the rest of the
filesystem.

FaceTime
Impact:  A person with physical access to the device may be able to
access FaceTime contacts from the lock screen
Description:  FaceTime contacts on a locked device could be exposed
by making a failed FaceTime call from the lock screen.

ImageIO
Impact:  Viewing a maliciously crafted JPEG file may lead to the
disclosure of memory contents
Description:  An uninitialized memory access issue existed in
libjpeg’s handling of JPEG markers, resulting in the disclosure of
memory contents.

IOKit HID Event
Impact:  A malicious application may monitor on user actions in other apps
Description:  An interface in IOKit framework allowed malicious apps
to monitor on user actions in other apps.

Profiles
Impact:  A configuration profile may be hidden from the user
Description:  A configuration profile with a long name could be
loaded onto the device but was not displayed in the profile UI.

Safari
Impact:  User credentials may be disclosed to an unexpected site via
autofill
Description:  Safari may have autofilled user names and passwords
into a subframe from a different domain than the main frame.
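
The Backup entry above describes a restore that recreated a symbolic link and then wrote through it. As an added illustration (not Apple's code or its actual fix; the entry format and the `restore` and `demo` functions are hypothetical), a restore routine can resolve every destination and refuse anything that leaves the restore root:

```python
import os
import tempfile

def _inside(root, path):
    """True if path, with symlinks and '..' resolved, stays under root."""
    root = os.path.realpath(root)
    return os.path.commonpath([root, os.path.realpath(path)]) == root

def restore(entries, root):
    """Restore (kind, relpath, data) entries under root.

    kind is "file" (data = bytes) or "symlink" (data = link target).
    Returns the relpaths that were refused.
    """
    refused = []
    os.makedirs(root, exist_ok=True)
    for kind, rel, data in entries:
        dest = os.path.join(root, rel)
        parent = os.path.dirname(dest)
        # Refuse absolute names and any parent that resolves outside root,
        # e.g. through '..' or a symlink created earlier in the restore.
        if os.path.isabs(rel) or not _inside(root, parent):
            refused.append(rel)
            continue
        os.makedirs(parent, exist_ok=True)
        if kind == "symlink":
            # Only recreate links whose target stays inside the restore root.
            if not _inside(root, os.path.join(parent, data)):
                refused.append(rel)
                continue
            os.symlink(data, dest)
        else:
            try:
                # O_NOFOLLOW: never write through a link at the final component.
                fd = os.open(dest, os.O_WRONLY | os.O_CREAT | os.O_TRUNC
                             | os.O_NOFOLLOW, 0o600)
            except OSError:
                refused.append(rel)
                continue
            with os.fdopen(fd, "wb") as f:
                f.write(data)
    return refused

def demo():
    """Run a constructed malicious backup; return (refused, files outside root)."""
    with tempfile.TemporaryDirectory() as tmp:
        root, outside = os.path.join(tmp, "restore"), os.path.join(tmp, "system")
        os.makedirs(outside)
        backup = [  # constructed sample entries
            ("file", "Media/photo.txt", b"ok"),
            ("symlink", "Media/escape", outside),
            ("file", "../system/planted.txt", b"x"),
        ]
        return restore(backup, root), os.listdir(outside)
```

The path check and the write are separate steps here, so a restorer running alongside untrusted processes would also need descriptor-relative opens to close the race between them.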

You can read all of the patches in the document I linked to earlier. I don’t have to tell you that having the contents of your iDevice’s memory leaked, Safari handing out your saved names and passwords, and apps being able to monitor your actions in other apps (think banking app, PayPal etc.) is a bad thing. A configuration profile can be used to control almost every aspect of your phone, so having one that you don’t know about can also be a disaster. To me these are major issues, but you won’t see mention of them in the mainstream news like you probably did with the GoToFail issue not too long ago. Good for Apple but bad for iOS users that don’t know these security issues exist. So if you read this, be a pal and let your friends and family know they should update their iDevices 🙂

It’s only been a couple of hours but I like the changes and improvements the 7.1 update brought. I’ve heard from a few iPhone 4 and 4S owners that they see a difference in responsiveness as well. This is important to mention as most (if not all) 4 and 4S owners regret ever installing iOS 7 because it turned their once fast phone into a sluggish one. This is a good time to get some performance back, especially on those older models, and fix big security flaws in the process.

