Apple Fixes Security Holes

Thursday, September 20, 2018 @ 10:09 AM gHale

Apple released new versions of iOS and other products fixing security issues.

Apple just released iOS 12, which comes with improved usability, stability, reliability, speed, but also with some interesting new and improved features that should help users choose and manage passwords and use two-factor authentication.

RELATED STORIES
MacOS Backdoor Found after 2 Years
Air Gap Alert: Attackers on Prowl
New Backdoor Based on Hacking Team Tool
Mac OS Backdoor Discovered

Fixes also went out for watchOS, tvOS and Safari.

Apple software engineer Ricky Mondello listed improvements:
• A revamped iCloud Keychain password manager that generates passwords when creating accounts within apps (this should help minimize weak passwords and password reuse)
• iOS’ Password AutoFill helps enter passwords on Apple TV, and works with third-party password manager apps like 1Password or LastPass
• Siri is now able to look up a saved password for the user
• Security codes delivered via text messages will automatically appear on the QuickType bar, allowing users to fill it in where required with one tap

Apple also updated the iOS Security Guide with a new section on user password management.

Apple also cleared some security holes, including a code execution flaw in Bluetooth, a vulnerability that may allow an attacker in a privileged network position to spoof password prompts in the iTunes Store, a weakness in the RC4 cryptographic algorithm, and a logic issue that could allow a malicious website to exfiltrate autofilled data in Safari.

A vulnerability in iOS11 and later has also been addressed with a patch, as it allows an attacker in a privileged network position to intercept analytics data sent to Apple.



Leave a Reply

You must be logged in to post a comment.