Security Market Segment LS
Thursday, 22 October 2015 05:41

iOS 9.1 delivers a shipload of security fixes

By

Apple has detailed a long list of security fixes contained in iOS 9.1. Vulnerabilities in watchOS have also been addressed.

There's nothing unusual about iOS - or OS X - updates including security fixes. But sometimes the list of vulnerabilities addressed is longer than others, and iOS 9.1 is a case in point - it clears up almost 50 CVE items covering many aspects of the operating system.

18 of the 49 issues were discovered by Apple. Among the other organisations contributing multiple items to the bug list were Yahoo (12), Google (three), and PanguTeam (two).

Most of the vulnerabilities had the potential for serious exploitation, as they could allow arbitrary code execution by visiting a malicious web page, opening a malicious document, using a malicious font, displaying a maliciously crafted image

Others - also with potentially serious impact - opened the way for privilege escalation, cookie or file overwriting, information stealing, and tricking the system into treating a revoked certificate as if were still valid.

As usual, Apple patched the vulnerability that allowed the jailbreak for iOS 9.0 to work. The cat and mouse game will no doubt continue.

The subsystems patched in iOS 9.1 are Accelerate Framework, Bom, CFNetwork, configd, CoreGraphics, CoreText, Disk Images, FontParser, GasGauge, Grand Central Dispatch, Graphics Driver, ImageIO, IOAcceleratorFamily, IOHIDFamily, Kernel, Notification Center, OpenGL, Security, Telephony, and WebKit.

Non-security changes in iOS 9.1 include improvements to Live Photos and additional emoji.

Some of the above issues are addressed in watchOS 2.0.1, which also deals with an issue that in some circumstances allowed a EFTPOS terminal to retrieve transaction information from Apple Pay.


Subscribe to Newsletter here

WEBINAR INVITE: Exploring Emerging Strategies for 5G Monetization

Network Operators continue to invest in 5G and build out their infrastructure.

With the recent impact of world events, the pressure is on to explore additional ways beyond traditional subscription models to monetize existing investments and speed up returns.

Creative thinking is key in this space, and in this webinar, you will learn about innovative ideas for Network Operators and Enterprise Business to enable new services and opportunities to drive incremental revenue.

Join us for this thought-provoking webinar with ITR Analyst, Marc Einstein, where you will learn about:

- Key industry 5G trends
- How COVID-19 is driving innovation and potential new business opportunities and applications for 5G

Click below to register your interest for the AUGUST 26, 4PM WEBINAR (AEST)

REGISTER NOW!

PROMOTE YOUR WEBINAR ON ITWIRE

It's all about Webinars.

These days our customers Advertising & Marketing campaigns are mainly focussed on Webinars.

If you wish to promote a Webinar we recommend at least a 2 week campaign prior to your event.

The iTWire campaign will include extensive adverts on our News Site itwire.com and prominent Newsletter promotion https://www.itwire.com/itwire-update.html and Promotional News & Editorial.

For covid-19 assistance we have extended terms, a Webinar Business Booster Pack and other supportive programs.

We look forward to discussing your campaign goals with you. Please click the button below.

MORE INFO HERE!

BACK TO HOME PAGE
Stephen Withers

joomla visitors

Stephen Withers is one of Australia¹s most experienced IT journalists, having begun his career in the days of 8-bit 'microcomputers'. He covers the gamut from gadgets to enterprise systems. In previous lives he has been an academic, a systems programmer, an IT support manager, and an online services manager. Stephen holds an honours degree in Management Sciences and a PhD in Industrial and Business Studies.

BACK TO HOME PAGE

WEBINARS ONLINE & DEMAND

GUEST ARTICLES

VENDOR NEWS

Guest Opinion

Guest Interviews

Guest Reviews

ResearchWire

Guest Research & Case Studies

Channel News

Comments