Story image

iOS gets another round of critical security updates to block major security holes

27 Jul 2017

Apple’s iOS 10.3.3 has undergone an urgent update after massive security holes were discovered in many of the system’s functions.

The security updates affect iPhone 5 and later, iPad 4th generation and later, as well as the iPod Touch 6th generation.

The flaws can allow remote attackers to run arbitrary code or terminate apps through a number of iOS systems, including its contacts, messages, notifications, Safari, telephony, wifi and other system functions including kernels, libxpc, EventKitUI and CoreAudio.

Attackers could also potentially execute code by taking advantage of a device’s wifi chip, while users who stumbled upon malicious web content could find that their browser was frozen due to an infinite number of print dialogues.

In total, there are 24 areas and 47 CVE updates listed for iOS 10.3.3, most of which were discovered by Google’s Project Zero, Baidu Security Lab, university professors and security researchers.

Apple says that it doesn’t discuss or confirm security issues until it has investigated and made relevant patches and updates available.

While some iOS users still believe that devices are still relatively immune from hacking, proof from security organisations shows otherwise.

Earlier this year ESET’s Graham Clueley said in a blog that updates such as these are not about pointing out every single flaw in the system – it’s more of an encouragement for people to update systems at the earliest opportunity.

“Apple products may find themselves in the firing line of attacks less often than their Windows and Android cousins, but that doesn’t mean they’re immune. If can learn anything from the events of the last few days it is surely the need to keep systems up-to-date and make regular backups of your data,” he says.

iOS and other Apple devices have also been targeted by spyware such as Pegasus and XAgent and AceDeceiver – a malware that targeted Apple’s DRM flaws.

Other cases this year included OSX/Dok, which popped up in April 2017. Check Point researchers discovered the Trojan, which was able to get around Apple’s security features and hijack all traffic on a Mac.

A ransomware variant called KeRanger was also able to encrypt Apple devices in March 2016. The ransomware was introduced via an update of Transmission torrent client 2.9.0. It was then able to run alongside the software and secretly encrypt files.

Palo Alto Network's Claud Xiao and Jin Chen explain how KeRanger works:

"The KeRanger application was signed with a valid Mac app development certificate; therefore, it was able to bypass Apple's Gatekeeper protection,” said Palo Alto Networks researchers Claud Xiao and Jin Chen at the time.

Apple quickly revoked the certificate to stop further ransomware attacks.

Better data management: Whose job is it?
An Experian executive’s practical advice on how to structure data-management roles within a modern business environment.
Platform9 and Intersect partner to bring unified cloud to A/NZ
“For Intersect, Platform9 represents the single most strategic solution to a set of challenges we see expanding across the board."
Meet the future of women in IT
Emily Sopers has just won Kordia’s first ever Women in Technology Scholarship, which was established to address gender imbalance in the information and communications technology (ICT) sector.
Web design programmers do an about face – again!
Google is aggressively pushing speed in the mobile environment as a critical ranking factor, and many eb design teams struggling to reach 80%+ speed scores on Google speed tests with gorgeous – but heavy - WordPress templates and themes.
Digital spending to hit US$1.2 trillion by 2022
A recent study by Zinnov shows that IoT spend reached US$201 billion in 2018 while outsourcing service providers generated $40 billion in revenue.
'Iwi Algorithm' can grow Aotearoa's mana
Ngāti Whātua Ōrākei innovation officer Te Aroha Grace says AI can help to combine the values from different cultures to help grow Aotearoa’s mana and brand – and AI is not just for commercial gain.
Dropbox brings in-country document hosting to A/NZ & Japan
Dropbox Business users in New Zealand, Australia, and Japan will be able to store their Dropbox files in-country, beginning in the second half of 2019.
Why 'right to repair' legislation could be a new lease on life for broken devices
“These companies are profiting at the expense of our environment and our pocketbooks as we become a throw-away society that discards over 6 million tonnes of electronics every year.”