Apple iOS 7.1 patches 41 vulnerabilities

  • 10 March 2014
  • 3 replies
  • 1 view

Userlevel 7
Badge +54
iOS 7.1, released today, fixes 41 vulnerabilities in the most recent version of the operating system.

The Webkit browser engine used by the Safari browser accounts for 19 of the vulnerabilities, and nine of these were reported to Apple by the Google Chrome Security Team. Any of the 19 could be used by a remote attacker to take user control of the device. Combined with a privilege escalation exploit, the user could take administrative control. (There are no such vulnerabilities in this set, but there have been many over the years.)

An especially interesting vulnerability is in dyld, OS X's dynamic linker/loader. The impact is "Text relocation instructions in dynamic libraries may be loaded by dyld without code signature validation. This issue was addressed by ignoring text relocation instructions." Normally bypassing code signing would be considered a very significant bug, but if the solution is to ignore the problem then perhaps it's not.
 
Full Article

3 replies

Userlevel 7
Badge +56
I installed it with no issue.
Userlevel 5
I think that apple is going to do the same thing if they come out with 7.2.
Userlevel 7
Badge +62
Again news for Apple...by the way Jasper I love ZDNET.

Reply