Thursday, 19 September 2013

Apple iOS 7 includes 41 security updates for iPhone and iPad

iOS 7 home screen
Apple has rolled out 41 key security updates on its latest iOS 7 mobile operating system, plugging holes that potentially left iPhone and iPad hackers open to attack.
Apple released the details of iOS 7's enhanced security features in a public post in the support section of its site. The updates address a number of the operating system's key services and code, including its certificate trust policy, data protection systems and Safari web browser.
Some of the updates address vulnerabilities that could theoretically have been used by hackers to mount a variety of attacks on iPhone users. These included arbitrary code execution, data theft and basic denial of service. A key theme in the update was increasing iOS app security systems. There is currently no evidence any of the fixed areas have been exploited by hackers.
App security has been a key feature of iOS since it was launched, with Apple opting to use a closed approach to its ecosystem, rigorously vetting apps before letting them onto its official store and locking the software to stop developers creating third-party stores. The tactic has proved successful and to date there have been no recorded mobile malware incidents on iOS.
The operating system's impressive track record led F-Secure security expert Mikko Hypponen to praise Apple for its robust security, listing the App Store as one of the security community's greatest achievements during a speech at Infosec earlier this year.
Despite the positive track record security researchers have demonstrated theoretical ways to bypass iOS security features. Most recently Georgia Institute of Technology researchers reported finding a way to sneak malware-laden applications onto the Apple app store at the Usenix Conference.
The flipside of the closed model is that Apple does not disclose any information about potential vulnerabilities until it has investigated and fixed them.
"For the protection of our customers, Apple does not disclose, discuss or confirm security issues until a full investigation has occurred and any necessary patches or releases are available," reads Apple's disclosure policy.
The tactic is different to many software and hardware companies, which take a more open policy of alerting users to vulnerabilities in their services and systems as soon as they can. Most recently Microsoft disclosed finding a vulnerability in its Internet Explorer web browser. The more open disclosure policy is designed to help businesses and general web users take adequate short-term defence measures while the company works on a more serious, permanent solution.
Apple released a security update for its OS X computer operating system alongside its iOS release. The vulnerability lay in its Xcode 5.0 system and affected OS X Mountain Lion v10.8.4 or later. The flaw meant an attacker with a privileged network position could potentially use it to intercept sensitive information, such as user credentials.

No comments:

Post a Comment