Sunday, January 29, 2017
iOS 6 1 BIG Security Fixes
iOS 6 1 BIG Security Fixes
--
iOS 6.1 was posted today. It contains BIG security fixes which I consider to be critical. This update is available for iPhone 3GS through iPhone 5; iPod Touch 4 through iPod Touch 5; iPad 2 through iPad 4. (Sorry iPad 1 users!).
If you check out the notes provided in iTunes, youd never know about any security fixes unless you clicked the link at the end of Apples brief notes:
For information on the security content of this update, please visit this website:Which then provides a link to here:
http://support.apple.com/kb/HT1222
About the security content of iOS 6.1 Software UpdateThere are, according to my count, 28 security patches. MANY of them are critically dangerous.
Thankfully, Apple provide nice summaries of the CVE issues involved (as opposed to our pals at Oracle regarding Java :-P).
My quick list of problems fixed by iOS 6.1,
with my comments in [brackets]:
~~~~~~~~~~~
Identity Services: Bypass of certificate authorization of an AppleID.
International Components for Unicode: Malicious website cross-site scripting attack.
Kernel: Faulty kernel memory access.
Security: Interception of user credentials and further information due to bad TURKTRUST issued security certificates. [DC- Oh look, yet-another BAD security certificate authority]
StoreKit: Smart App Banner automatic re-enablement of user disabled JavaScript.
WebKit Memory Corruption: 20 memory corruption flaws allowing unexpected application termination or arbitrary code execution. [DC- IOW, potential PWNing of your WebKit browser]
WebKit Content Pasting Validation: Pasting of content onto malicious websites leading to cross-site scripting attack.
WebKit Frame Elements: A cross-site scripting issue in the handling of frame elements leading to cross-site scripting attack.
WiFi: Temporary disablement of WiFi by a remote attacker on the same WiFi network. Caused by Broadcoms BCM4325 and BCM4329 firmware reading out of bounds when handling 802.11i information elements.
~~~~~~~~~~~
No surprise, the majority of issues involve memory management flaws, the continuing plague of modern programming languages and methods.
I suggest updating ASAP. Its always a good idea to have some free space available on your iOS device, especially when updating iOS.
Today I thankfully have not run into any bogged down access to the update. But my iPod Touch 4 booted five times before the update was complete. There is also a new setup process for iCloud required after the update. All went well.
Oh and BTW: The number of malware affecting iOS remains at zero.
(Unless of course youve cracked your iOS device. Then youre on your own. The number of affecting malware is unknown.)
:-Derek
--
Available link for download