Security Market Segment LS
Thursday, 22 October 2015 05:41

iOS 9.1 delivers a shipload of security fixes


Apple has detailed a long list of security fixes contained in iOS 9.1. Vulnerabilities in watchOS have also been addressed.

There's nothing unusual about iOS - or OS X - updates including security fixes. But sometimes the list of vulnerabilities addressed is longer than others, and iOS 9.1 is a case in point - it clears up almost 50 CVE items covering many aspects of the operating system.

18 of the 49 issues were discovered by Apple. Among the other organisations contributing multiple items to the bug list were Yahoo (12), Google (three), and PanguTeam (two).

Most of the vulnerabilities had the potential for serious exploitation, as they could allow arbitrary code execution by visiting a malicious web page, opening a malicious document, using a malicious font, displaying a maliciously crafted image

Others - also with potentially serious impact - opened the way for privilege escalation, cookie or file overwriting, information stealing, and tricking the system into treating a revoked certificate as if were still valid.

As usual, Apple patched the vulnerability that allowed the jailbreak for iOS 9.0 to work. The cat and mouse game will no doubt continue.

The subsystems patched in iOS 9.1 are Accelerate Framework, Bom, CFNetwork, configd, CoreGraphics, CoreText, Disk Images, FontParser, GasGauge, Grand Central Dispatch, Graphics Driver, ImageIO, IOAcceleratorFamily, IOHIDFamily, Kernel, Notification Center, OpenGL, Security, Telephony, and WebKit.

Non-security changes in iOS 9.1 include improvements to Live Photos and additional emoji.

Some of the above issues are addressed in watchOS 2.0.1, which also deals with an issue that in some circumstances allowed a EFTPOS terminal to retrieve transaction information from Apple Pay.

WEBINAR event: IT Alerting Best Practices 27 MAY 2PM AEST

LogicMonitor, the cloud-based IT infrastructure monitoring and intelligence platform, is hosting an online event at 2PM on May 27th aimed at educating IT administrators, managers and leaders about IT and network alerts.

This free webinar will share best practices for setting network alerts, negating alert fatigue, optimising an alerting strategy and proactive monitoring.

The event will start at 2pm AEST. Topics will include:

- Setting alert routing and thresholds

- Avoiding alert and email overload

- Learning from missed alerts

- Managing downtime effectively

The webinar will run for approximately one hour. Recordings will be made available to anyone who registers but cannot make the live event.



Security requirements such as confidentiality, integrity and authentication have become mandatory in most industries.

Data encryption methods previously used only by military and intelligence services have become common practice in all data transfer networks across all platforms, in all industries where information is sensitive and vital (financial and government institutions, critical infrastructure, data centres, and service providers).

Get the full details on Layer-1 encryption solutions straight from PacketLight’s optical networks experts.

This white paper titled, “When 1% of the Light Equals 100% of the Information” is a must read for anyone within the fiber optics, cybersecurity or related industry sectors.

To access click Download here.


Stephen Withers

joomla visitors

Stephen Withers is one of Australia¹s most experienced IT journalists, having begun his career in the days of 8-bit 'microcomputers'. He covers the gamut from gadgets to enterprise systems. In previous lives he has been an academic, a systems programmer, an IT support manager, and an online services manager. Stephen holds an honours degree in Management Sciences and a PhD in Industrial and Business Studies.



Recent Comments