Wednesday 1 July 2015

Apple patches security flaws with new versions of iOS, OS X

Apple has packed patches for dozens of security flaws into the new versions of its iOS and OS X operating systems.
The company noted Tuesday in a security advisory that just-released version 8.4 of the iOS mobile operating system contains more than 20 fixes for vulnerabilities that could lead to remote code execution, application termination and the interception of encrypted traffic, among other issues.

Within the updates, the iPad and iPhone maker has tackled the Logjam flaw, a cryptographic weakness in algorithms used by the Diffie-Hellman key exchange, which is a popular way for Internet protocols to agree on shared encryption keys and create secure communication channels. Because of this weakness, tens of thousands of HTTPS websites and servers were vulnerable to eavesdropping and the interception of secure communication, which in turn could lead to man-in-the-middle attacks.
Certificate trust policy problems, memory corruption flaws, buffer overflow vulnerabilities and a host of WebKit, kernel and CoreText flaws were also patched in the latest iOS update.
At least one of the problems affected the Apple Watch directly. An issue existed in the install logic for universal provisioning profile apps on the wearable, which in turn created a collision with existing bundle IDs. A malicious app could use this issue to prevent a Watch app from launching.
As for OS X Yosemite 10.10.4, a security advisory details the same patches for a number of issues -- as well as a swathe of additional vulnerabilities such as user authentication exploits, remote code execution flaws, Apache compatibility issues, CoreText problems and buffer overflow vulnerabilities.

Both updates also addressed Certificate Trust Policy problems. An intermediate certificate that was incorrectly issued by the certificate authority CNNIC could allow for the interception of network traffic.


Source:  cnet.com
