All the latest UK technology news, reviews and analysis

Apple iOS 7 includes 41 security updates for iPhone and iPad

19 Sep 2013
iOS 7 home screen

Apple has rolled out 41 key security updates on its latest iOS 7 mobile operating system, plugging holes that potentially left iPhone and iPad hackers open to attack.

Apple released the details of iOS 7's enhanced security features in a public post in the support section of its site. The updates address a number of the operating system's key services and code, including its certificate trust policy, data protection systems and Safari web browser.

Some of the updates address vulnerabilities that could theoretically have been used by hackers to mount a variety of attacks on iPhone users. These included arbitrary code execution, data theft and basic denial of service. A key theme in the update was increasing iOS app security systems. There is currently no evidence any of the fixed areas have been exploited by hackers.

App security has been a key feature of iOS since it was launched, with Apple opting to use a closed approach to its ecosystem, rigorously vetting apps before letting them onto its official store and locking the software to stop developers creating third-party stores. The tactic has proved successful and to date there have been no recorded mobile malware incidents on iOS.

The operating system's impressive track record led F-Secure security expert Mikko Hypponen to praise Apple for its robust security, listing the App Store as one of the security community's greatest achievements during a speech at Infosec earlier this year.

Despite the positive track record security researchers have demonstrated theoretical ways to bypass iOS security features. Most recently Georgia Institute of Technology researchers reported finding a way to sneak malware-laden applications onto the Apple app store at the Usenix Conference.

The flipside of the closed model is that Apple does not disclose any information about potential vulnerabilities until it has investigated and fixed them.

"For the protection of our customers, Apple does not disclose, discuss or confirm security issues until a full investigation has occurred and any necessary patches or releases are available," reads Apple's disclosure policy.

The tactic is different to many software and hardware companies, which take a more open policy of alerting users to vulnerabilities in their services and systems as soon as they can. Most recently Microsoft disclosed finding a vulnerability in its Internet Explorer web browser. The more open disclosure policy is designed to help businesses and general web users take adequate short-term defence measures while the company works on a more serious, permanent solution.

Apple released a security update for its OS X computer operating system alongside its iOS release. The vulnerability lay in its Xcode 5.0 system and affected OS X Mountain Lion v10.8.4 or later. The flaw meant an attacker with a privileged network position could potentially use it to intercept sensitive information, such as user credentials.

  • Comment  
  • Tweet  
  • Google plus  
  • Facebook  
  • LinkedIn  
  • Stumble Upon  
Alastair Stevenson

Alastair has worked as a reporter covering security and mobile issues at V3 since March 2012. Before entering the field of journalism Alastair had worked in numerous industries as both a freelance copy writer and artist.

View Alastair's Google+ profile

More on Security
What do you think?
blog comments powered by Disqus

IT curriculum poll

With coding now compulsory in schools, how important are digital skills for the next generation of school leavers?

Popular Threads

Powered by Disqus
V3 Security Summit

V3 Security Summit Day 2: Botnet, skills and BYOD intelligence incoming

Keep V3 bookmarked for news updates on all the key security concerns and topics facing businesses

Updating your subscription status Loading

Get the latest news (daily or weekly) direct to your inbox with V3 newsletters.

newsletter sign-up button

Getting started with virtualisation

Virtualisation can help you reduce costs, improve application availability, and simplify IT
management. However, getting started can be challenging


Converting big data and analytics insights into results

Successful leaders are infusing analytics throughout their organisations to drive smarter decisions, enable faster actions and optimise outcomes

Software Engineers - L2/L3 SDN, NFV, C++

We have requirment for Software Engineers for one of...

Retail Banking Business Analyst

Retail Banking Business Analyst My client's start...

SharePoint Junior Developer

Role summary The SharePoint Developer will take an...

IT Business Analyst

We are looking for a switched on and experienced IT Business...
To send to more than one email address, simply separate each address with a comma.