Apple’s iOS 7 Clears 80 Bugs

Monday, September 23, 2013 @ 05:09 PM gHale


The Apple iOS 7 update came out with some fanfare, but more importantly it brought in 80 security fixes.

The update fixes problems that could lead to a denial of service attack or trigger unexpected application termination or arbitrary code execution on devices like an iPad, iPod Touch or iPhone running an out of date OS.

RELATED STORIES
Patched Safari Bug under Attack
Text String Takes Bite Out of Apple
Still a Hack, but Wrong Person
‘Jekyll’ Test Attack Takes Over

Some of what security experts were calling the bigger flaws Apple fixed included passcode bypass flaws, one (CVE-2013-0957) that could allow an attacker to break an app in the third-party sandbox and determine the user’s passcode and a second (CVE-2013-5147) that exploited the way the iPhone handled calls to bypass the screen lock in iOS 6.1.

Another similar data privacy vulnerability was one that could allow an attacker to intercept user credentials by compromising a TrustWave certificate (CVE-2012-5134). TrustWave issued and subsequently revoked the faulty sub-CA certificate.

Four Safari bugs, including a problem where the browser’s history was still visible even after it cleared, ended up fixed. There was also an issue in Safari with a memory corruption problem in the way it handled XML files and a cross-site scripting flaw on sites that allow users to upload files.

Apple also addressed vulnerabilities from last year with all of them fixing arbitrary code execution bugs in the libxml and libxslt libraries.



Leave a Reply

You must be logged in to post a comment.