Over 50 iOS 8 Mobile Security Holes Fixed

The specs for Apple's new mobile operating system, released Wednesday (Sept. 17), disclose 53 security vulnerabilities, all supposedly fixed, including some that would have allowed “an attacker to execute code on the device with root privileges,” ZDNet is reporting.

“Several other (iOS security holes) allow execution of code with kernel or system privileges. These vulnerabilities require the ability to execute code on the device, but that could be accomplished with one of the many remote code execution vulnerabilities also disclosed. Many of these are in the WebKit browser engine, meaning that such an attack could be launched if the user visited a malicious web page,” the ZDNet story said. “These issues, many of them severe, remain in earlier versions of iOS. It is Apple’s usual practice not to fix them on earlier versions, so users who remain on iOS 7.x remain vulnerable to these issues.”

Some of the holes involve settings that defaulted to non-secure choices. “Less shocking, but still severe, is the ability for a rogue access point to steal iOS Wi-Fi credentials using an old and broken authentication protocol which was on by default in iOS. The protocol (LEAP) is disabled by default in iOS 8,” the story said. “Another bug could allow an attacker with write access to /tmp to install unverified apps. Several vulnerabilities allow an app to turn the device off or restart it.”

