Update patches kernel, SIM card and app install bugs

Jul 1, 2015 11:02 GMT

Apple’s release of iOS 8.4 is more than the launch of the anticipated Apple Music streaming service: it also addresses more than 30 security vulnerabilities, most of which could have allowed arbitrary code execution.

The components whose code was revised by the Cupertino company include WebKit (Safari’s browser engine), the WiFi manager, the SQLite library, Safari, Mail, the OS kernel, FontParser, coreTLS, and CoreText.

Logjam, "effective. Power" bug removed

The company resolved the problem with Logjam, a flaw in the TLS stack that allowed an attacker in a man-in-the-middle position to downgrade the Diffie-Hellman key exchange to a weaker, export-grade 512-bit variant, whose shared secret can then be recovered offline. The practical defence on the client side is to refuse any ephemeral DH group whose prime falls below a minimum size, regardless of which cipher suite the client believes it negotiated.
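The check below is an added example, not code from Apple or from this article: it parses the Diffie-Hellman parameters a TLS server sends in a DHE ServerKeyExchange message (the RFC 5246 ServerDHParams layout of three length-prefixed vectors) and rejects groups whose prime is too short, which is the client-side floor that blocks a Logjam-style downgrade to 512-bit export parameters. The 2048-bit threshold is an assumed policy value, and the sample primes are constructed integers of the right bit length, not real DH groups.

```python
# Added example (not Apple's coreTLS code): a client-side floor on the size of
# ephemeral Diffie-Hellman groups, the check that defeats a Logjam downgrade.
# Wire format per RFC 5246 section 7.4.3 (ServerDHParams):
#   opaque dh_p<1..2^16-1>; opaque dh_g<1..2^16-1>; opaque dh_Ys<1..2^16-1>;
import struct

MIN_DH_PRIME_BITS = 2048  # assumed policy floor; 512-bit export groups fail it


def _read_opaque16(buf: bytes, off: int):
    """Read one <1..2^16-1> vector: 2-byte big-endian length, then the bytes."""
    if off + 2 > len(buf):
        raise ValueError("truncated length field")
    (length,) = struct.unpack_from("!H", buf, off)
    off += 2
    if length == 0 or off + length > len(buf):
        raise ValueError("bad vector length")
    return buf[off:off + length], off + length


def parse_server_dh_params(body: bytes):
    """Return (p, g, Ys) as ints from the start of a DHE ServerKeyExchange body."""
    p_raw, off = _read_opaque16(body, 0)
    g_raw, off = _read_opaque16(body, off)
    ys_raw, off = _read_opaque16(body, off)
    return (int.from_bytes(p_raw, "big"),
            int.from_bytes(g_raw, "big"),
            int.from_bytes(ys_raw, "big"))


def dh_params_acceptable(body: bytes, min_bits: int = MIN_DH_PRIME_BITS) -> bool:
    """True only if the group prime meets the floor and g, Ys are in range.

    The size check is applied no matter which cipher suite was negotiated:
    Logjam works precisely because the server answers with export-sized
    parameters while the client thinks it is in an ordinary DHE handshake.
    """
    p, g, ys = parse_server_dh_params(body)
    if p.bit_length() < min_bits:
        return False
    if not (2 <= g <= p - 2):
        return False
    if not (2 <= ys <= p - 2):
        return False
    return True


def encode_server_dh_params(p: int, g: int, ys: int) -> bytes:
    """Build a ServerDHParams body; used here only to construct sample input."""
    out = b""
    for v in (p, g, ys):
        raw = v.to_bytes((v.bit_length() + 7) // 8, "big")
        out += struct.pack("!H", len(raw)) + raw
    return out


# Constructed sample values: not real DH groups and not prime; only the bit
# length matters for the check being demonstrated.
EXPORT_SIZED_P = (1 << 511) | 0xDEADBEEF   # bit_length() == 512
STRONG_SIZED_P = (1 << 2047) | 0xDEADBEEF  # bit_length() == 2048
EXPORT_SKE = encode_server_dh_params(EXPORT_SIZED_P, 2, 0x1234567)
STRONG_SKE = encode_server_dh_params(STRONG_SIZED_P, 2, 0x1234567)

if __name__ == "__main__":
    for name, body in (("export-grade", EXPORT_SKE), ("2048-bit", STRONG_SKE)):
        p, _, _ = parse_server_dh_params(body)
        verdict = "accept" if dh_params_acceptable(body) else "reject"
        print(f"{name}: p is {p.bit_length()} bits -> {verdict}")
```

A client that applied this floor would abort the handshake on the 512-bit group even though the negotiated suite looked like a normal DHE suite, which is exactly the downgrade window Logjam exploits.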

An interesting fix, for a flaw reported by Matt Spisak of Endgame, concerns rogue SIM cards that could deliver malformed payloads to the device, leading to arbitrary code execution.

“Multiple input validation issues existed in the parsing of SIM/UIM payloads. These issues were addressed through improved payload validation,” reads Apple’s description of the vulnerability.

Also patched are several memory corruption problems triggered when CoreText processed maliciously crafted text. The repairs cover the “effective. Power” bug that made a lot of waves towards the end of May, as well as other undisclosed issues reported by John Villamil of the Yahoo Pentest Team.

iOS 8.4 protects against Masque attacks

A memory management issue (CVE-2015-3721) reported by Ian Beer of Google Project Zero was removed in iOS 8.4. The risk was that a malicious application could determine the kernel memory layout, an information leak that undermines kernel address space randomization and eases further exploitation.

One Safari problem, present in earlier iOS versions, could lead to account takeover. According to Apple, the browser preserved the Origin request header across cross-origin redirects, which let a malicious website bypass CSRF (cross-site request forgery) protections that rely on that header.
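The Safari bug is a reminder that an Origin header check is only as good as the browser that sets it. The following is an added example, not code from Apple or from this article, showing a server-side validator for state-changing requests that uses the Origin (or Referer) header as one layer and a per-session synchroniser token as a second layer that still holds when a browser defect hands the attacker a trusted-looking Origin. The site origin, header and form field names, and sample requests are all assumed for illustration.

```python
# Added example (not Apple's or the article's code): two-layer CSRF validation.
# Layer 1 checks the request source (Origin, falling back to Referer).
# Layer 2 checks a per-session token the attacker's page cannot read.
import hmac
import secrets
from urllib.parse import urlsplit

TRUSTED_ORIGIN = "https://bank.example"  # assumed site origin (hypothetical)


def issue_csrf_token(session: dict) -> str:
    """Create a fresh token, store it in the server-side session, embed it in forms."""
    session["csrf_token"] = secrets.token_urlsafe(32)
    return session["csrf_token"]


def _source_origin(headers: dict):
    """Origin if sent, else the Referer's origin, else None.

    A browser following a cross-origin redirect correctly should send
    'Origin: null'; that string deliberately fails the comparison later.
    """
    h = {k.lower(): v for k, v in headers.items()}
    if "origin" in h:
        return h["origin"]
    if "referer" in h:
        parts = urlsplit(h["referer"])
        if parts.scheme and parts.netloc:
            return f"{parts.scheme}://{parts.netloc}"
    return None


def validate_state_changing_request(headers: dict, form: dict, session: dict):
    """Return (accepted, reason). Both layers must pass; a missing layer fails."""
    if _source_origin(headers) != TRUSTED_ORIGIN:
        return False, "origin"
    expected = session.get("csrf_token")
    supplied = form.get("csrf_token")
    if not expected or not supplied:
        return False, "token"
    # Constant-time comparison on bytes; non-ASCII input is handled by encoding.
    if not hmac.compare_digest(expected.encode("utf-8"), supplied.encode("utf-8")):
        return False, "token"
    return True, "ok"


if __name__ == "__main__":
    # Constructed sample requests (headers, form) for one victim session.
    session = {}
    token = issue_csrf_token(session)
    samples = {
        "legitimate form post": ({"Origin": TRUSTED_ORIGIN}, {"csrf_token": token}),
        # What a preserved-Origin bug buys an attacker from the server's view: a
        # forged cross-site POST that arrives with an acceptable Origin header.
        # It still carries no token, so the second layer rejects it.
        "forged post, trusted-looking Origin": ({"Origin": TRUSTED_ORIGIN}, {"amount": "1000"}),
        "correct browser after cross-origin redirect": ({"Origin": "null"}, {"csrf_token": token}),
        "referer-only client": ({"Referer": "https://bank.example/transfer"}, {"csrf_token": token}),
    }
    for name, (hdrs, form) in samples.items():
        print(f"{name}: {validate_state_changing_request(hdrs, form, session)}")
```

Checking the token first would leak nothing extra, but checking the cheap header layer first lets obviously cross-site traffic be dropped before the session is consulted; the point is that neither layer alone is trusted.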

Two vulnerabilities reported by FireEye were also addressed, although the security company says the fix is only partial; it has not disclosed how the remaining issue could be exploited.

FireEye detailed the attacks (dubbed Manifest Masque and Extension Masque) on Tuesday, explaining that they could be used against users at a company that distributes its own in-house apps, with a rogue app delivered through that channel.

They also demonstrated the impact of the attacks by crashing both system apps and App Store apps, and by stealing data from the Gmail app’s data container, thereby gaining access to the victim’s emails.