Shedload of security bugs squashed in iOS 9 - what the hell went wrong with iOS 8?

Blanka


Apps hijacking devices, text files executing code


16 Sep 2015 at 18:55, Team Register

Apple's latest version of iOS – iOS 9 – is out today with new features and security fixes. A lot of security fixes: 101 potentially exploitable bugs, we count.

If you've got a compatible device, you may well want to upgrade sooner rather than later – certainly before people start trying to exploit these security holes.

The full list of flaws is here. We've already separately reported on the AirDrop blunder. Here are some of the highlights of the other bugs in no particular order:

  • An attacker with a privileged network position may intercept SSL/TLS connections.
  • A malicious application may be able to leak sensitive user information: applications could access the screen framebuffer while they were in the background.
  • Processing a maliciously crafted text file may lead to arbitrary code execution: memory corruption issues existed in the processing of text files. These issues were addressed through improved bounds checking.
  • Processing a maliciously crafted font file may lead to arbitrary code execution: a memory corruption issue existed in the processing of font files. This issue was addressed through improved input validation.
  • A malicious application may be able to execute arbitrary code with system privileges: a memory corruption issue existed in dyld. This was addressed through improved memory handling.
  • An application may be able to bypass code signing: an issue existed with validation of the code signature of executables. This issue was addressed through improved bounds checking.
  • A malicious application may be able to execute arbitrary code with system privileges: a memory corruption issue existed in IOHIDFamily. This issue was addressed through improved memory handling.
  • AppleID credentials may persist in the keychain after sign out: an issue existed in keychain deletion. This issue was addressed through improved account cleanup.
  • Visiting a maliciously crafted website may lead to arbitrary code execution: memory corruption issues existed in WebKit. These issues were addressed through improved memory handling.
  • An attacker may be able to determine a private key: by observing many signing or decryption attempts, an attacker may have been able to determine the RSA private key. This issue was addressed using improved encryption algorithms.
  • An attacker can send an email that appears to come from a contact in the recipient's address book.
  • A malicious enterprise application can install extensions before the application has been trusted.
  • A maliciously crafted URL may be able to bypass HTTP Strict Transport Security (HSTS) and leak sensitive data.

And so on. Lots of gems in there.

Reg comment


What to make of it all? Well, at least they've been found, reported, and fixed, and the patched software released for free. Apple employs a lot of clever and capable people, who are very well compensated. Isn't it time for a multinational technology giant with smart folks, plenty of resources, and endless billions of dollars in the bank, to start shutting down whole classes of bugs in its products?

Articles have typos, people make mistakes, software has bugs. But arbitrary code execution caused by a failure to check the bounds of a buffer when processing text? C'mon. It's 1998 all over again.
