Top iOS 8 Security Flaws Fixed
By Paul Liu
Monday, November 17th, 2014

iOS 8 is the latest mobile operating system from Apple, powering iPhones and iPads. While the launch of the new OS was marred by the iPhone’s "bendgate" issue and by reports that some users were unable to make calls or unlock their devices through Touch ID after updating, Apple has done a lot of work under the hood and fixed as many as 53 security flaws that existed in previous versions of the operating system. Here is a list of the top security issues addressed by Apple in iOS 8:
1) Kernel – Apple has fixed many kernel-related security issues in its new OS. A memory issue in the network statistics interface allowed users to read kernel memory; another flaw allowed someone in a privileged network position to cause a denial of service; and a third flaw, related to Mach ports, allowed users to execute arbitrary code or cause system termination. All of these issues have now been fixed by Apple.
2) Bluetooth – In previous versions of iOS, Bluetooth was automatically enabled whenever the OS was updated. As you can imagine, this flaw compromises device security considerably. Starting with iOS 8, Bluetooth is automatically enabled only after major version updates, not after minor tweaks to the OS.
3) Wi-Fi – Earlier, hackers could track a particular Apple device through its Wi-Fi MAC address, since the same MAC address was used every time the device searched for networks. Apple has addressed this issue by randomizing the MAC address used for network searches. In addition, iOS 8 has patched the security flaw that allowed hackers to set up a Wi-Fi access point impersonating a legitimate one and steal user credentials through LEAP authentication.
4) Safari – Previous versions of Safari automatically disclosed user credentials to unintended sites (even phishing sites) through the autofill feature. Safari now checks for valid certificates and verifies the origin of a site before supplying user data.
5) WebKit – In earlier versions of iOS, visiting a malicious site could cause arbitrary code execution or app termination. This flaw was due to memory issues in WebKit, and it has now been fixed by Apple.
6) Installation of Apps – Previously, hackers with access to the /tmp folder on an Apple device could install unverified apps, but this is no longer possible.
7) Mail – Due to a logic issue, anyone with access to an Apple device could extract the contents of email attachments. In iOS 8 the logic issue has been addressed, so your email attachments are now a lot more secure.
8) Sandbox – The sandbox used by third-party apps apparently had an information disclosure issue that made it possible to access the Apple ID through such apps. The sandbox profile has now been improved so that third-party apps can’t access your Apple ID.
9) IOKit – There were multiple issues in IOKit that allowed malicious apps to execute dangerous code with system privileges. All of these issues have been addressed in iOS 8, so your device and data remain protected.
10) CoreGraphics – iOS 8 has addressed integer overflow and out-of-bounds memory issues that were causing problems during the handling of PDF files.