If you have an iDevice running iOS 7 of any description, you should immediately download and install iOS 7.1.2. The reason being is that according to this document posted by Apple, two nasty bugs among others are fixed in this release:
Lockdown
Available for: iPhone 4 and later, iPod touch (5th generation) and later, iPad 2 and later
Impact: An attacker possessing an iOS device could potentially bypass Activation Lock
Description: Devices were performing incomplete checks during device activation, which made it possible for malicious individuals to partially bypass Activation Lock. This issue was addressed through additional client-side verification of data received from activation servers.
And:
Lock Screen
Available for: iPhone 4 and later, iPod touch (5th generation) and later, iPad 2 and later
Impact: An attacker in possession of a device may exceed the maximum number of failed passcode attempts
Description: In some circumstances, the failed passcode attempt limit was not enforced. This issue was addressed through additional enforcement of this limit.
As well as:
Lock Screen
Available for: iPhone 4 and later, iPod touch (5th generation) and later, iPad 2 and later
Impact: A person with physical access to a locked device may be able to access the application that was in the foreground prior to locking
Description: A state management issue existed in the handling of the telephony state while in Airplane Mode. This issue was addressed through improved state management while in Airplane Mode.
The first fix regarding Activation Lock fits the description of this bug that I reported on back in February. As for the lock screen bugs, it sounds like this issue (the first one that is in the linked story) and this issue have been addressed. There’s one more bug that that is fixed that I should point out:
Mail
Available for: iPhone 4 and later, iPod touch (5th generation) and later, iPad 2 and later
Impact: Mail attachments can be extracted from an iPhone 4
Description: Data protection was not enabled for mail attachments, allowing them to be read by an attacker with physical access to the device. This issue was addressed by changing the encryption class of mail attachments.
That fixes this bug (the second one in the linked story) that I reported on earlier this year.
Thus as I said earlier, run and download this update ASAP. You’ll thank me for it.
Like this:
Like Loading...
Related
This entry was posted on June 30, 2014 at 2:14 pm and is filed under Commentary with tags Apple, Security. You can follow any responses to this entry through the RSS 2.0 feed.
You can leave a response, or trackback from your own site.
iOS 7.1.2 Now Available To Fix Mail, Lock Screen & Activation Lock Bugs
If you have an iDevice running iOS 7 of any description, you should immediately download and install iOS 7.1.2. The reason being is that according to this document posted by Apple, two nasty bugs among others are fixed in this release:
Lockdown
Available for: iPhone 4 and later, iPod touch (5th generation) and later, iPad 2 and later
Impact: An attacker possessing an iOS device could potentially bypass Activation Lock
Description: Devices were performing incomplete checks during device activation, which made it possible for malicious individuals to partially bypass Activation Lock. This issue was addressed through additional client-side verification of data received from activation servers.
And:
Lock Screen
Available for: iPhone 4 and later, iPod touch (5th generation) and later, iPad 2 and later
Impact: An attacker in possession of a device may exceed the maximum number of failed passcode attempts
Description: In some circumstances, the failed passcode attempt limit was not enforced. This issue was addressed through additional enforcement of this limit.
As well as:
Lock Screen
Available for: iPhone 4 and later, iPod touch (5th generation) and later, iPad 2 and later
Impact: A person with physical access to a locked device may be able to access the application that was in the foreground prior to locking
Description: A state management issue existed in the handling of the telephony state while in Airplane Mode. This issue was addressed through improved state management while in Airplane Mode.
The first fix regarding Activation Lock fits the description of this bug that I reported on back in February. As for the lock screen bugs, it sounds like this issue (the first one that is in the linked story) and this issue have been addressed. There’s one more bug that that is fixed that I should point out:
Mail
Available for: iPhone 4 and later, iPod touch (5th generation) and later, iPad 2 and later
Impact: Mail attachments can be extracted from an iPhone 4
Description: Data protection was not enabled for mail attachments, allowing them to be read by an attacker with physical access to the device. This issue was addressed by changing the encryption class of mail attachments.
That fixes this bug (the second one in the linked story) that I reported on earlier this year.
Thus as I said earlier, run and download this update ASAP. You’ll thank me for it.
Share this:
Like this:
Related
This entry was posted on June 30, 2014 at 2:14 pm and is filed under Commentary with tags Apple, Security. You can follow any responses to this entry through the RSS 2.0 feed. You can leave a response, or trackback from your own site.