iOS 7 patches 80 vulnerabilities

Summary: Holding off on upgrading to iOS 7 from iOS 6 may be a good idea for many reasons, but your iOS 6 device will have scores of unpatched vulnerabilities.

It's not the flashiest improvement in iOS 7, but the new version fixes 80 security vulnerabilities that presumably remain in iOS 6.

The list is very big, even for Apple, which is known for such large updates. Also typical of Apple, the updates include several for vulnerabilities that are quite old.

The bugs could allow many undesirable behaviors:

  • Malicious code execution
  • Determination of the user's passcode by an app
  • The ability to persist malicious code execution across reboots
  • Background applications could inject user interface events into the foreground application
  • The ability to intercept data protected with IPSec Hybrid Auth
  • A person with physical access to the device may be able to bypass the screen lock
  • Sandboxed apps could send tweets without user interaction or permission
  • Malicious apps could interfere with or control telephony functionality

What would seem to be the oldest bug in the list is labeled as CVE-2011-2391. It is described as a kernel bug which could allow a DoS, via high CPU load, when an attacker sends specially crafted IPv6 ICMP packets. The CVE designator may be mistaken, as that bug is listed in the CVE database as assigned but unused.

But the update also fixes several bugs from 2012 and one from 2011 in the libxml library. Apple updated the version of libxml to the current stable version, which was released just over a year ago.

The bugs were reported to Apple by dozens of outside sources, including Microsoft and Fortinet. 24 of the 80 were reported to Apple by Google.

About

Larry Seltzer has long been a recognized expert in technology, with a focus on mobile technology and security in recent years. He was most recently Editorial Director of BYTE, Dark Reading and Network Computing at UBM Tech. Prior to that he spent over a decade consulting and writing on technology subjects, primarily in the area of sec...
