Apples latest mobile OS update, iOS 8.3, includes a long list of security patches for over three dozen severe vulnerabilities.
Apples latest iOS 8.3 went live Wednesday night, having Apple and iOS fans in a craze. Apple’s latest upgrade fixes a number of vulnerabilities lodged within the mobile operating system’s kernel, a number of code-execution bugs and a long list of WebKit vulnerabilities. Apple also patched a severe flaw that could lead to the user’s credentials being sent to the wrong server by accident. The issue stems from a bug within the CFNetwork Session component in iOS.
“A cross-domain HTTP request headers issue existed in redirect handling. HTTP request headers sent in a redirect response could be passed on to another origin. The issue was addressed through improved handling of redirects (CVE-2015-1091),” Apple’s security advisory read.
Accompanied by the code-execution vulnerabilities are a number of memory corruption bugs in the FontParser component of the operating system, alongside a bug in the CFURL (CVE-2015-1088) that can lead to a arbitrary code execution if the iOS users visits a maliciously crafted webpage.
Several more iOS vulnerabilities in the iOS kernel were patched by Apple’s latest iOS 8.3 release. One vulnerability allows a malicious app to run arbitrary code on the system-level with full privileges, and another kernel security flaw can let an app cause an unexpected system termination or read kernel memory. Lodged in iOS 8.3 are fixes for a kernel bug that allows an attacker with privileged network position to redirect iOS users to any host the attacker chooses. Another kernel flaw with the same circumstances could cause a denial-of-service.
Apple’s latest iOS 8.3 includes security patches for a swatch of vulnerabilities in the iOS operating system.
To upgrade to Apple’s latest iOS 8.3 to get all the additional security benefits navigate to Settings App, go to General > Software Update > Download and Install. Apple’s iOS 8.3 is supported by the iPhone 4S and later, iPod Touch 5th Generation and Later, iPad 2 and later iPad models.
Photo via Kārlis Dambrāns/Flickr [CC BY 2.0]