Apple has released a new version of its popular iOS platform for the iPhone 4 and later, the iPod touch (5th generation) and later, and iPad 2 and later. It has also released a new version of the Apple TV platform for Apple TV 2nd generation units and later.
iOS 7.1 adds a range of new features but crucially it also fixes a wide variety of security issues including fixes to the WebKit HTML rendering engine used by Safari. In a ironic twist Apple has credited four of the fixes to the evad3rs jailbreak team. According to Apple the following fixes were made to tackle the jailbreakers techniques:
- A symbolic link in a backup would be restored, allowing subsequent operations during the restore to write to the rest of the filesystem. This issue was addressed by checking for symbolic links during the restore process. CVE-2013-5133 : evad3rs
- CrashHouseKeeping followed symbolic links while changing permissions on files. This issue was addressed by not following symbolic links when changing permissions on files. CVE-2014-1272 : evad3rs
- Text relocation instructions in dynamic libraries may be loaded by dyld without code signature validation. This issue was addressed by ignoring text relocation instructions. CVE-2014-1273 : evad3rs
- An out of bounds memory access issue existed in the ARM ptmx_get_ioctl function. This issue was addressed through improved bounds checking. CVE-2014-1278 : evad3rs
The oldest bug fixed was CVE-2012-2088 which was fixed in OS X in March 2013. Because of a buffer overflow in libtiff’s handling of TIFF images, viewing a maliciously crafted TIFF file may lead to an unexpected application termination or arbitrary code execution. This issue was fix through additional validation of TIFF images. Other fixed bugs which could lead to arbitrary code execution include: a buffer overflow that existed in the handling of JPEG2000 images in PDF files, CVE-2014-1275 : Felix Groebert of the Google Security Team; a double free issue that existed in the handling of Microsoft Word documents, CVE-2014-1252 : Felix Groebert of the Google Security Team; and a memory corruption issue that existed in the handling of USB messages, CVE-2014-1287 : Andy Davis of NCC Group.
Apple has posted a document online describing the full security content of iOS 7.1.
Simultaneously with the iOS 7.1 release, Apple also released Apple TV 6.1. Many of the same bugs are addressed including three by the evad3rs jailbreak team along with the other arbitrary code execution vulnerabilities. One specific Apple TV vulnerability allowed an attacker with access to an Apple TV to access sensitive user information from the log files. The problem was that this sensitive user information was being logged by the system. This issue was fixed by altering the logging output.
Apple’s website contains more information about the security content of Apple TV 6.1.