Feeds

Patch iOS, OS X now: PDFs, JPEGs, URLs, web pages can pwn your kit

Plus: iThings and desktops at risk of NEW SSL attack flaw

Choosing a cloud hosting partner with confidence

Apple has released updates to its iOS and OS X operating systems that address serious security flaws.

The company said the iOS 7.1.1 upgrade will include, as well as some stability updates, fixes for 19 security flaws.

One of those vulnerabilities is a "triple handshake" error in iOS SecureTransport – which is part of the OS that provides SSL/TLS encryption for stuff sent across the internet. The flaw, which also affects OS X 10.8.5 and 10.9.2, effectively allows a network snooper to maliciously inject data into a supposedly secure connection.

According to Apple, the bug allows an eavesdropper "to establish two [SSL] connections which had the same encryption keys and handshake, insert the attacker's data in one connection, and renegotiate so that the connections may be forwarded to each other".

Also fixed were a flaw in IOKit that leaked kernel pointers – handy for jailbreaking tools – and a possible login cookie disclosure flaw in the iOS HTTPProtocol component. According to Apple: "Set-Cookie HTTP headers would be processed even if the connection closed before the header line was complete. An attacker could strip security settings from the cookie by forcing the connection to close before the security settings were sent, and then obtain the value of the unprotected cookie."

Leveraging the IOKit bug requires the attacker, or jailbreaker, to be running code on the vulnerable device, whereas the SecureTransport and HTTPProtocol flaws can be exploited be anyone managing a point along the network chain, such as an evil Wi-Fi point in a cafe.

WebKit bugs affecting iOS Safari app and others

Meanwhile in the iOS 7.1.1 update, 16 WebKit flaws are fixed, many of which were previously addressed by Apple for the desktop version of the Safari web browser earlier this month. Much like that desktop patch, the iOS update credits discovery of 10 of the flaws to members of Google's security team.

The worst of the WebKit flaws could allow an attacker to remotely execute code on an iThing that visits a maliciously crafted web page. Some resourceful modders have in the past used such flaws to streamline the jailbreaking process on iOS devices.

The iOS 7.1.1 update can be applied to gadgets running iOS 7.1, including iPhone 4 and later models, iPad 2 or later, iPad mini, and iPod touch 5th generation and later. Users can obtain the update in iOS at Settings > General > Software Update component.

Along with that bug-squashing come stability fixes for the fingerprint-recognizing Touch ID, improve on-screen keyboard responsiveness, and resolves a compatibility issue between Bluetooth keyboards and the VoiceOver screen-reading capability.

OS X security updates

Users running OS X should also update their Macs. Apple released a separate security update for OS X which addresses the aforementioned HTTPProtocol, IOKit and severe SecureTransport SSL flaws, along with 10 other fixes for vulnerabilities in components of OS X Mountain Lion (10.8) and Mavericks (10.9), which could allow for elevation of privilege and remote code execution.

On computers running OS X 10.8.5, opening a PDF with specially crafted font data could result in remote-code execution or a crash – effectively allowing miscreants to hijack Macs by sending over dodgy documents to victims. OS X 10.9.2 can be pwned by opening a malicious JPEG thanks to a buffer overflow bug in the operating system's ImageIO component.

A bug in CoreServicesUIAgent on OS X 10.9.2 allows hackers to execute code on victims' machines by making them click on a special URL. The tech giant admitted: "A format string issue existed in the handling of URLs. This issue was addressed through additional validation of URLs."

The Intel Graphics Driver on OS X 10.8.5 and 10.9.2 doesn't validate a pointer from userspace properly, allowing an application running on a vulnerable system to take control of the Mac. Keypresses are now ignored while the machine goes to sleep in OS X 10.9.2, allowing the system to lock properly.

And last, but not least, Apple says "maliciously crafted applications can execute arbitrary code outside the sandbox", thanks to a flaw in WindowServer. Mac users should patch as soon as possible now that these bugs are known. ®

Protecting users from Firesheep and other Sidejacking attacks with SSL

More from The Register

next story
Phones 4u slips into administration after EE cuts ties with Brit mobe retailer
More than 5,500 jobs could be axed if rescue mission fails
JINGS! Microsoft Bing called Scots indyref RIGHT!
Redmond sporran metrics get one in the ten ring
Driving with an Apple Watch could land you with a £100 FINE
Bad news for tech-addicted fanbois behind the wheel
Murdoch to Europe: Inflict MORE PAIN on Google, please
'Platform for piracy' must be punished, or it'll kill us in FIVE YEARS
Phones 4u website DIES as wounded mobe retailer struggles to stay above water
Founder blames 'ruthless network partners' for implosion
Found inside ISIS terror chap's laptop: CELINE DION tunes
REPORT: Stash of terrorist material found in Syria Dell box
Sony says year's losses will be FOUR TIMES DEEPER than thought
Losses of more than $2 BILLION loom over troubled Japanese corp
prev story

Whitepapers

Providing a secure and efficient Helpdesk
A single remote control platform for user support is be key to providing an efficient helpdesk. Retain full control over the way in which screen and keystroke data is transmitted.
WIN a very cool portable ZX Spectrum
Win a one-off portable Spectrum built by legendary hardware hacker Ben Heck
Saudi Petroleum chooses Tegile storage solution
A storage solution that addresses company growth and performance for business-critical applications of caseware archive and search along with other key operational systems.
Protecting users from Firesheep and other Sidejacking attacks with SSL
Discussing the vulnerabilities inherent in Wi-Fi networks, and how using TLS/SSL for your entire site will assure security.
Security for virtualized datacentres
Legacy security solutions are inefficient due to the architectural differences between physical and virtual environments.