Feeds

Patch iOS, OS X now: PDFs, JPEGs, URLs, web pages can pwn your kit

Plus: iThings and desktops at risk of NEW SSL attack flaw

Beginner's guide to SSL certificates

Apple has released updates to its iOS and OS X operating systems that address serious security flaws.

The company said the iOS 7.1.1 upgrade will include, as well as some stability updates, fixes for 19 security flaws.

One of those vulnerabilities is a "triple handshake" error in iOS SecureTransport – which is part of the OS that provides SSL/TLS encryption for stuff sent across the internet. The flaw, which also affects OS X 10.8.5 and 10.9.2, effectively allows a network snooper to maliciously inject data into a supposedly secure connection.

According to Apple, the bug allows an eavesdropper "to establish two [SSL] connections which had the same encryption keys and handshake, insert the attacker's data in one connection, and renegotiate so that the connections may be forwarded to each other".

Also fixed were a flaw in IOKit that leaked kernel pointers – handy for jailbreaking tools – and a possible login cookie disclosure flaw in the iOS HTTPProtocol component. According to Apple: "Set-Cookie HTTP headers would be processed even if the connection closed before the header line was complete. An attacker could strip security settings from the cookie by forcing the connection to close before the security settings were sent, and then obtain the value of the unprotected cookie."

Leveraging the IOKit bug requires the attacker, or jailbreaker, to be running code on the vulnerable device, whereas the SecureTransport and HTTPProtocol flaws can be exploited be anyone managing a point along the network chain, such as an evil Wi-Fi point in a cafe.

WebKit bugs affecting iOS Safari app and others

Meanwhile in the iOS 7.1.1 update, 16 WebKit flaws are fixed, many of which were previously addressed by Apple for the desktop version of the Safari web browser earlier this month. Much like that desktop patch, the iOS update credits discovery of 10 of the flaws to members of Google's security team.

The worst of the WebKit flaws could allow an attacker to remotely execute code on an iThing that visits a maliciously crafted web page. Some resourceful modders have in the past used such flaws to streamline the jailbreaking process on iOS devices.

The iOS 7.1.1 update can be applied to gadgets running iOS 7.1, including iPhone 4 and later models, iPad 2 or later, iPad mini, and iPod touch 5th generation and later. Users can obtain the update in iOS at Settings > General > Software Update component.

Along with that bug-squashing come stability fixes for the fingerprint-recognizing Touch ID, improve on-screen keyboard responsiveness, and resolves a compatibility issue between Bluetooth keyboards and the VoiceOver screen-reading capability.

OS X security updates

Users running OS X should also update their Macs. Apple released a separate security update for OS X which addresses the aforementioned HTTPProtocol, IOKit and severe SecureTransport SSL flaws, along with 10 other fixes for vulnerabilities in components of OS X Mountain Lion (10.8) and Mavericks (10.9), which could allow for elevation of privilege and remote code execution.

On computers running OS X 10.8.5, opening a PDF with specially crafted font data could result in remote-code execution or a crash – effectively allowing miscreants to hijack Macs by sending over dodgy documents to victims. OS X 10.9.2 can be pwned by opening a malicious JPEG thanks to a buffer overflow bug in the operating system's ImageIO component.

A bug in CoreServicesUIAgent on OS X 10.9.2 allows hackers to execute code on victims' machines by making them click on a special URL. The tech giant admitted: "A format string issue existed in the handling of URLs. This issue was addressed through additional validation of URLs."

The Intel Graphics Driver on OS X 10.8.5 and 10.9.2 doesn't validate a pointer from userspace properly, allowing an application running on a vulnerable system to take control of the Mac. Keypresses are now ignored while the machine goes to sleep in OS X 10.9.2, allowing the system to lock properly.

And last, but not least, Apple says "maliciously crafted applications can execute arbitrary code outside the sandbox", thanks to a flaw in WindowServer. Mac users should patch as soon as possible now that these bugs are known. ®

Providing a secure and efficient Helpdesk

More from The Register

next story
Doctor Who's Flatline: Cool monsters, yes, but utterly limp subplots
We know what the Doctor does, stop going on about it already
Facebook, Apple: LADIES! Why not FREEZE your EGGS? It's on the company!
No biological clockwatching when you work in Silicon Valley
'Cowardly, venomous trolls' threatened with TWO-YEAR sentences for menacing posts
UK government: 'Taking a stand against a baying cyber-mob'
Happiness economics is bollocks. Oh, UK.gov just adopted it? Er ...
Opportunity doesn't knock; it costs us instead
Arab States make play for greater government control of the internet
Nerds told to get lost in last-minute power grab bid at UN meeting
Zippy one-liners, broken promises: Doctor Who on the Orient Express
Series finally hits stride, but Clara's U-turn is baffling
Don't bother telling people if you lose their data, say Euro bods
You read that right – with the proviso that it's encrypted
Apple SILENCES Bose, YANKS headphones from stores
The, er, Beats go on after noise-cancelling spat
prev story

Whitepapers

Forging a new future with identity relationship management
Learn about ForgeRock's next generation IRM platform and how it is designed to empower CEOS's and enterprises to engage with consumers.
Why cloud backup?
Combining the latest advancements in disk-based backup with secure, integrated, cloud technologies offer organizations fast and assured recovery of their critical enterprise data.
Win a year’s supply of chocolate
There is no techie angle to this competition so we're not going to pretend there is, but everyone loves chocolate so who cares.
High Performance for All
While HPC is not new, it has traditionally been seen as a specialist area – is it now geared up to meet more mainstream requirements?
Intelligent flash storage arrays
Tegile Intelligent Storage Arrays with IntelliFlash helps IT boost storage utilization and effciency while delivering unmatched storage savings and performance.