

Apple iOS 7 includes 41 security updates for iPhone and iPad

19 Sep 2013

Apple has rolled out 41 key security updates in its latest iOS 7 mobile operating system, plugging holes that potentially left iPhone and iPad users open to attack.

Apple released the details of iOS 7's enhanced security features in a public post in the support section of its site. The updates address a number of the operating system's key services and code, including its certificate trust policy, data protection systems and Safari web browser.

Some of the updates address vulnerabilities that could theoretically have been used by hackers to mount a variety of attacks on iPhone users. These included arbitrary code execution, data theft and basic denial of service. A key theme of the update was strengthening iOS app security. There is currently no evidence that any of the fixed areas have been exploited by hackers.

App security has been a key feature of iOS since it was launched, with Apple opting to use a closed approach to its ecosystem, rigorously vetting apps before letting them onto its official store and locking the software to stop developers creating third-party stores. The tactic has proved successful and to date there have been no recorded mobile malware incidents on iOS.

The operating system's impressive track record led F-Secure security expert Mikko Hypponen to praise Apple for its robust security, listing the App Store as one of the security community's greatest achievements during a speech at Infosec earlier this year.

Despite the positive track record, security researchers have demonstrated theoretical ways to bypass iOS security features. Most recently, Georgia Institute of Technology researchers reported at the Usenix Conference that they had found a way to sneak malware-laden applications onto the Apple App Store.

The flipside of the closed model is that Apple does not disclose any information about potential vulnerabilities until it has investigated and fixed them.

"For the protection of our customers, Apple does not disclose, discuss or confirm security issues until a full investigation has occurred and any necessary patches or releases are available," reads Apple's disclosure policy.

The tactic differs from that of many software and hardware companies, which take a more open policy of alerting users to vulnerabilities in their services and systems as soon as they can. Most recently, Microsoft disclosed finding a vulnerability in its Internet Explorer web browser. The more open disclosure policy is designed to help businesses and general web users take adequate short-term defence measures while the company works on a more serious, permanent solution.

Apple released a security update for its OS X computer operating system alongside its iOS release. The vulnerability lay in its Xcode 5.0 system and affected OS X Mountain Lion v10.8.4 or later. The flaw meant an attacker with a privileged network position could potentially use it to intercept sensitive information, such as user credentials.

Alastair Stevenson
About

Alastair has worked as a reporter covering security and mobile issues at V3 since March 2012. Before entering the field of journalism Alastair had worked in numerous industries as both a freelance copy writer and artist.
