03-10-2014 04:23 PM
iOS 7.1, released today, fixes 41 vulnerabilities in the most recent version of the operating system.
The Webkit browser engine used by the Safari browser accounts for 19 of the vulnerabilities, and nine of these were reported to Apple by the Google Chrome Security Team. Any of the 19 could be used by a remote attacker to take user control of the device. Combined with a privilege escalation exploit, the user could take administrative control. (There are no such vulnerabilities in this set, but there have been many over the years.)
An especially interesting vulnerability is in dyld, OS X's dynamic linker/loader. The impact is "Text relocation instructions in dynamic libraries may be loaded by dyld without code signature validation. This issue was addressed by ignoring text relocation instructions." Normally bypassing code signing would be considered a very significant bug, but if the solution is to ignore the problem then perhaps it's not.
03-10-2014 05:04 PM
I think that apple is going to do the same thing if they come out with 7.2.
03-10-2014 09:22 PM - edited 03-10-2014 09:23 PM