The specs of the new mobile operating system release from Apple Wednesday (Sept. 17) disclose 53 security vulnerabilities—all supposedly fixed—including some that would have allowed “an attacker to execute code on the device with root privileges,” ZDNet is reporting.
“Several other (iOS security holes) allow execution of code with kernel or system privileges. These vulnerabilities require the ability to execute code on the device, but that could be accomplished with one of the many remote code execution vulnerabilities also disclosed. Many of these are in the Webkit browser engine, meaning that such an attack could be launched if the user visited a malicious web page,” the ZDNet story said. “These issues, many of them severe, remain in earlier versions of iOS. It is Apple’s usual practice not to fix them on earlier versions, so users who remain on iOS 7.x remain vulnerable to these issues.”
Some of the holes involve settings that defaulted to non-secure choices. “Less shocking, but still severe is the ability for a rogue access point to steal iOS Wi-Fi credentials using an old and broken authentication protocol which was on by default in iOS. The protocol (LEAP) is disabled by default in iOS 8,” the story said. “Another bug could allow an attacker with write access to /tmp to install unverified apps. Several vulnerabilities allow an app to turn the device off or restart it.”
