Feeds

Patch iOS, OS X now: PDFs, JPEGs, URLs, web pages can pwn your kit

Plus: iThings and desktops at risk of NEW SSL attack flaw

Secure remote control for conventional and virtual desktops

Apple has released updates to its iOS and OS X operating systems that address serious security flaws.

The company said the iOS 7.1.1 upgrade will include, as well as some stability updates, fixes for 19 security flaws.

One of those vulnerabilities is a "triple handshake" error in iOS SecureTransport – which is part of the OS that provides SSL/TLS encryption for stuff sent across the internet. The flaw, which also affects OS X 10.8.5 and 10.9.2, effectively allows a network snooper to maliciously inject data into a supposedly secure connection.

According to Apple, the bug allows an eavesdropper "to establish two [SSL] connections which had the same encryption keys and handshake, insert the attacker's data in one connection, and renegotiate so that the connections may be forwarded to each other".

Also fixed were a flaw in IOKit that leaked kernel pointers – handy for jailbreaking tools – and a possible login cookie disclosure flaw in the iOS HTTPProtocol component. According to Apple: "Set-Cookie HTTP headers would be processed even if the connection closed before the header line was complete. An attacker could strip security settings from the cookie by forcing the connection to close before the security settings were sent, and then obtain the value of the unprotected cookie."

Leveraging the IOKit bug requires the attacker, or jailbreaker, to be running code on the vulnerable device, whereas the SecureTransport and HTTPProtocol flaws can be exploited be anyone managing a point along the network chain, such as an evil Wi-Fi point in a cafe.

WebKit bugs affecting iOS Safari app and others

Meanwhile in the iOS 7.1.1 update, 16 WebKit flaws are fixed, many of which were previously addressed by Apple for the desktop version of the Safari web browser earlier this month. Much like that desktop patch, the iOS update credits discovery of 10 of the flaws to members of Google's security team.

The worst of the WebKit flaws could allow an attacker to remotely execute code on an iThing that visits a maliciously crafted web page. Some resourceful modders have in the past used such flaws to streamline the jailbreaking process on iOS devices.

The iOS 7.1.1 update can be applied to gadgets running iOS 7.1, including iPhone 4 and later models, iPad 2 or later, iPad mini, and iPod touch 5th generation and later. Users can obtain the update in iOS at Settings > General > Software Update component.

Along with that bug-squashing come stability fixes for the fingerprint-recognizing Touch ID, improve on-screen keyboard responsiveness, and resolves a compatibility issue between Bluetooth keyboards and the VoiceOver screen-reading capability.

OS X security updates

Users running OS X should also update their Macs. Apple released a separate security update for OS X which addresses the aforementioned HTTPProtocol, IOKit and severe SecureTransport SSL flaws, along with 10 other fixes for vulnerabilities in components of OS X Mountain Lion (10.8) and Mavericks (10.9), which could allow for elevation of privilege and remote code execution.

On computers running OS X 10.8.5, opening a PDF with specially crafted font data could result in remote-code execution or a crash – effectively allowing miscreants to hijack Macs by sending over dodgy documents to victims. OS X 10.9.2 can be pwned by opening a malicious JPEG thanks to a buffer overflow bug in the operating system's ImageIO component.

A bug in CoreServicesUIAgent on OS X 10.9.2 allows hackers to execute code on victims' machines by making them click on a special URL. The tech giant admitted: "A format string issue existed in the handling of URLs. This issue was addressed through additional validation of URLs."

The Intel Graphics Driver on OS X 10.8.5 and 10.9.2 doesn't validate a pointer from userspace properly, allowing an application running on a vulnerable system to take control of the Mac. Keypresses are now ignored while the machine goes to sleep in OS X 10.9.2, allowing the system to lock properly.

And last, but not least, Apple says "maliciously crafted applications can execute arbitrary code outside the sandbox", thanks to a flaw in WindowServer. Mac users should patch as soon as possible now that these bugs are known. ®

Secure remote control for conventional and virtual desktops

More from The Register

next story
6 Obvious Reasons Why Facebook Will Ban This Article (Thank God)
Clampdown on clickbait ... and El Reg is OK with this
Kaspersky backpedals on 'done nothing wrong, nothing to fear' blather
Founder (and internet passport fan) now says privacy is precious
TROLL SLAYER Google grabs $1.3 MEEELLION in patent counter-suit
Chocolate Factory hits back at firm for suing customers
Facebook, Google and Instagram 'worse than drugs' says Miley Cyrus
Italian boffins agree with popette's theory that haters are the real wrecking balls
Mozilla's 'Tiles' ads debut in new Firefox nightlies
You can try turning them off and on again
Sit tight, fanbois. Apple's '$400' wearable release slips into early 2015
Sources: time to put in plenty of clock-watching for' iWatch
Facebook to let stalkers unearth buried posts with mobe search
Prepare to HAUNT your pal's back catalogue
Ex-IBM CEO John Akers dies at 79
An era disrupted by the advent of the PC
prev story

Whitepapers

Endpoint data privacy in the cloud is easier than you think
Innovations in encryption and storage resolve issues of data privacy and key requirements for companies to look for in a solution.
Implementing global e-invoicing with guaranteed legal certainty
Explaining the role local tax compliance plays in successful supply chain management and e-business and how leading global brands are addressing this.
Advanced data protection for your virtualized environments
Find a natural fit for optimizing protection for the often resource-constrained data protection process found in virtual environments.
Boost IT visibility and business value
How building a great service catalog relieves pressure points and demonstrates the value of IT service management.
Next gen security for virtualised datacentres
Legacy security solutions are inefficient due to the architectural differences between physical and virtual environments.