- SMB Spotlight
Apple has fixed 24 security issues in its latest iOS 7.1 update, marking its latest attempt to keep its mobile OS malware free.
The company announced the fixes in a support update, hours after announcing iOS 7.1. The fixes related to several core services in iOS including Safari, FaceTime and the iTunes store.
The fixes affect the iPhone 4 and later, and iPad 2 and later. The Safari issue meant the users' credentials could accidentally be disclosed to third-party sites thanks to a flaw in the software's auto-fill function.
"Safari may have auto-filled usernames and passwords into a subframe from a different domain than the main frame. This issue was addressed through improved origin-tracking," explained the security bulletin.
The FaceTime flaw meant criminals could theoretically access the users' FaceTime contacts from the lock screen using a stolen device.
"FaceTime contacts on a locked device could be exposed by making a failed FaceTime call from the lock screen. This issue was addressed through improved handling of FaceTime calls," read the advisory.
The iTunes Store flaw was particularly dangerous as it could have been exploited by hackers to mount man-in-the-middle attacks against iPhone and iPad users.
"An attacker with a privileged network position could spoof network communications to entice a user into downloading a malicious app. This issue was mitigated by using SSL [secure sockets layer] and prompting the user during URL redirects," read the advisory.
Before this, the most recent iOS 7 update included 41 security patches when it was released in September 2013.
The robust security of Apple's iOS software has been toted as a key selling point by numerous security professionals. This is because Apple takes a closed approach to the iOS ecosystem that blocks developers from making changes to the OS and pre-screens any apps before letting them appear on the App Store
Aside from its security content, iOS 7.1 also features a number of other upgrades. These include the addition of Apple's CarPlay service and new ‘more natural-sounding male and female voices' for Siri.