All the latest UK technology news, reviews and analysis

Apple iOS 7 includes 41 security updates for iPhone and iPad

19 Sep 2013
iOS 7 home screen

Apple has rolled out 41 key security updates on its latest iOS 7 mobile operating system, plugging holes that potentially left iPhone and iPad hackers open to attack.

Apple released the details of iOS 7's enhanced security features in a public post in the support section of its site. The updates address a number of the operating system's key services and code, including its certificate trust policy, data protection systems and Safari web browser.

Some of the updates address vulnerabilities that could theoretically have been used by hackers to mount a variety of attacks on iPhone users. These included arbitrary code execution, data theft and basic denial of service. A key theme in the update was increasing iOS app security systems. There is currently no evidence any of the fixed areas have been exploited by hackers.

App security has been a key feature of iOS since it was launched, with Apple opting to use a closed approach to its ecosystem, rigorously vetting apps before letting them onto its official store and locking the software to stop developers creating third-party stores. The tactic has proved successful and to date there have been no recorded mobile malware incidents on iOS.

The operating system's impressive track record led F-Secure security expert Mikko Hypponen to praise Apple for its robust security, listing the App Store as one of the security community's greatest achievements during a speech at Infosec earlier this year.

Despite the positive track record security researchers have demonstrated theoretical ways to bypass iOS security features. Most recently Georgia Institute of Technology researchers reported finding a way to sneak malware-laden applications onto the Apple app store at the Usenix Conference.

The flipside of the closed model is that Apple does not disclose any information about potential vulnerabilities until it has investigated and fixed them.

"For the protection of our customers, Apple does not disclose, discuss or confirm security issues until a full investigation has occurred and any necessary patches or releases are available," reads Apple's disclosure policy.

The tactic is different to many software and hardware companies, which take a more open policy of alerting users to vulnerabilities in their services and systems as soon as they can. Most recently Microsoft disclosed finding a vulnerability in its Internet Explorer web browser. The more open disclosure policy is designed to help businesses and general web users take adequate short-term defence measures while the company works on a more serious, permanent solution.

Apple released a security update for its OS X computer operating system alongside its iOS release. The vulnerability lay in its Xcode 5.0 system and affected OS X Mountain Lion v10.8.4 or later. The flaw meant an attacker with a privileged network position could potentially use it to intercept sensitive information, such as user credentials.

  • Comment  
  • Tweet  
  • Google plus  
  • Facebook  
  • LinkedIn  
  • Stumble Upon  
Alastair Stevenson

Alastair has worked as a reporter covering security and mobile issues at V3 since March 2012. Before entering the field of journalism Alastair had worked in numerous industries as both a freelance copy writer and artist.

View Alastair's Google+ profile

More on Security
What do you think?
blog comments powered by Disqus

Work location poll - office, remote or home?

Where do you spend most time working on your primary work device?

Popular Threads

Powered by Disqus
LG G Flex 2 hands-on review

CES 2015: LG G Flex 2 video

A closer look at LG's latest curved-screen smartphone

Updating your subscription status Loading

Get the latest news (daily or weekly) direct to your inbox with V3 newsletters.

newsletter sign-up button

Beacon technology: what are the opportunities and how does the technology work?

This paper seeks to provide education and technical insight to beacons, in addition to providing insight to Apple's iBeacon specification


Converting big data and analytics insights into results

Successful leaders are infusing analytics throughout their organisations to drive smarter decisions, enable faster actions and optimise outcomes

IT Security Analyst (Cyber, Wireshark, SIEM)

IT Security Analyst (Cyber, Wireshark, SIEM) Why apply...

Systems Operations Supervisor

Our Client is seeking an Operations Systems Analyst/Supervisor...

Project Manager / Technical Project Manager - (Prince 2, ERP, MS Project, ISO, PPI)

Project Manager / Technical Project Manager - (Prince...

Software QA Tester - No.1 Online Video Gaming Tech Provider

Software QA Tester - No.1 Online Video Gaming Tech Provider...
To send to more than one email address, simply separate each address with a comma.