Patches required in areas like Bluetooth and iCloud

Oct 21, 2014 20:31 GMT  ·  By

iOS 8.1 arrived with a great deal of enhancements yesterday, but few people noticed that it also contained quite a few security fixes. Even less people noticed that a new Apple TV firmware had been released alongside that update, also containing patches for some recently found vulnerabilities.

With the release of these two updates yesterday, Apple closed a total of seven holes discovered in recent weeks in the two OSes. iOS 8.1 patches five flaws, whereas Apple TV 7.0.1 mitigates only two.

The security side of iOS 8.1

Inside the official release notes describing the contents of the update, Apple included a link to the Support area of its site where security fixes are listed. Because of CDN problems, those documents usually take much longer to surface. Now they’re available for everyone to see.

Besides brining Apple Pay support and fixing usability bugs, iOS 8.1 addresses five newly found flaws. This one, for instance, was in Bluetooth and affected iPhone 4s and later, iPod touch (5th generation) and later, iPad 2 and later.

“Unencrypted connections were permitted from Human Interface Device-class Bluetooth Low Energy accessories. If an iOS device had paired with such an accessory, an attacker could spoof the legitimate accessory to establish a connection. The issue was addressed by denying unencrypted HID connections,” Apple says.

Another one was found in a component that Apple designates as House Arrest. Affecting the same range of iDevices, this flaw is described as follows:

“Files could be transferred to an app's Documents directory and encrypted with a key protected only by the hardware UID. This issue was addressed by encrypting the transferred files with a key protected by the hardware UID and the user's passcode.”

A more serious issue affected iCloud Data Access, with Apple noting that “A TLS certificate validation vulnerability existed in iCloud data access clients.” The company addressed the problem “by improved certificate validation.”

Yet another issue allowed QuickType – the new keyboard architecture in iOS 8 – to learn users' credentials when switching between elements. iOS 8.1 took care of that as well.

Apple TV flaws patched in Software Update 7.0.1

A vulnerability discovered by Mike Ryan of iSEC Partners is described as follows: “Unencrypted connections were permitted from Human Interface Device-class Bluetooth Low Energy accessories. If a device had paired with such an accessory, an attacker could spoof the legitimate accessory to establish a connection.” Apple addressed the issue by denying unencrypted HID connections.

Another problem involved the wretched SSL 3.0, which everyone in the security sector should hate by now. This flaw would allow an attacker to “force the use of SSL 3.0, even when the server would support a better TLS version, by blocking TLS 1.0 and higher connection attempts.”