Jump to content

Apple Patches Dozens of Flaws in iOS 8.4, OS X 10.10.4 - See more at: https://threatpost.com/apple-patches-dozens-of-flaws-in-ios-8-4-os-x-10-10-4/113


Recommended Posts

FYI, do your patches Apple friends.




"Apple has released new versions of iOS and OS X, both of which include a significant number of security patches, several for bugs that can lead to remote code execution and other serious issues.


Version 8.4 of iOS contains fixes for more than 30 security vulnerabilities, including bugs in the iOS kernel, WebKit, and CoreText. Apple also patched the vulnerability that leads to the Logjam attack, an issue with servers that support weak Diffie-Hellman cryptography. To fix that issue in iOS, Apple released a patch for the coreTLS component of the operating system.


“coreTLS accepted short ephemeral Diffie-Hellman (DH) keys, as used in export-strength ephemeral DH cipher suites. This issue, also known as Logjam, allowed an attacker with a privileged network position to downgrade security to 512-bit DH if the server supported an export-strength ephemeral DH cipher suite. The issue was addressed by increasing the default minimum size allowed for DH ephemeral keys to 768 bits,” the Apple advisory says.


Apple also patched an interesting bug that involved the way that iOS handles payloads from SIM cards. The vulnerability could allow an attacker to craft a malicious SIM card that could give him code execution on a target device.


MOre in the article here: https://threatpost.com/apple-patches-dozens-of-flaws-in-ios-8-4-os-x-10-10-4/113547#sthash.duaLyUeL.dpuf

Link to comment
Share on other sites


This topic is now archived and is closed to further replies.

This topic is now closed to further replies.
  • Create New...