Shedload of security bugs squashed in iOS 9 – what the hell went wrong with iOS 8?

Apps hijacking devices, text files executing code

Skull in an Apple by https://www.flickr.com/photos/walkn/ https://creativecommons.org/licenses/by/2.0/  CC 2.0 attribution generic

Apple's latest version of iOS – iOS 9 – is out today with new features and security fixes. A lot of security fixes: 101 potentially exploitable bugs, we count.

If you've got a compatible device, you may well want to upgrade sooner rather than later – certainly before people start trying to exploit these security holes.

The full list of flaws is here. We've already separately reported on the AirDrop blunder. Here are some of the highlights of the other bugs in no particular order:

  • An attacker with a privileged network position may intercept SSL/TLS connections.
  • A malicious application may be able to leak sensitive user information: applications could access the screen framebuffer while they were in the background.
  • Processing a maliciously crafted text file may lead to arbitrary code execution: a memory corruption issues existed in the processing of text files. These issues were addressed through improved bounds checking.
  • Processing a maliciously crafted font file may lead to arbitrary code execution: a memory corruption issue existed in the processing of font files. This issue was addressed through improved input validation.
  • A malicious application may be able to execute arbitrary code with system privileges: a memory corruption issue existed in dyld. This was addressed through improved memory handling.
  • An application may be able to bypass code signing: an issue existed with validation of the code signature of executables. This issue was addressed through improved bounds checking.
  • A malicious application may be able to execute arbitrary code with system privileges: a memory corruption issue existed in IOHIDFamily. This issue was addressed through improved memory handling.
  • AppleID credentials may persist in the keychain after sign out: an issue existed in keychain deletion. This issue was addressed through improved account cleanup.
  • Visiting a maliciously crafted website may lead to arbitrary code execution: memory corruption issues existed in WebKit. These issues were addressed through improved memory handling.
  • An attacker may be able to determine a private key: by observing many signing or decryption attempts, an attacker may have been able to determine the RSA private key. This issue was addressed using improved encryption algorithms.
  • An attacker can send an email that appears to come from a contact in the recipient's address book.
  • A malicious enterprise application can install extensions before the application has been trusted.
  • A maliciously crafted URL may be able to bypass HTTP Strict Transport Security (HSTS) and leak sensitive data.

And so on. Lots of gems in there.

Reg comment

What to make of it all? Well, at least they've been found, reported, and fixed, and the patched software released for free. Apple employs a lot of clever and capable people, who are very well compensated. Isn't it time for a multinational technology giant with smart folks, plenty of resources, and endless billions of dollars in the bank, to start shutting down whole classes of bugs in its products?

Articles have typos, people make mistakes, software has bugs. But arbitrary code execution caused by a failure to check the bounds of a buffer when processing text? C'mon. It's 1998 all over again. ®

Sponsored: The Joy and Pain of Buying IT - Have Your Say


Biting the hand that feeds IT © 1998–2017