iOS 7 patches 80 vulnerabilities

Summary: Holding off on upgrading to iOS 7 from iOS 6 may be a good idea for many reasons, but your iOS 6 device will have scores of unpatched vulnerabilities.

TOPICS: Security, Apple, iOS
It's not the flashiest improvement in iOS 7, but the new version fixes 80 security vulnerabilities that presumably remain in iOS 6.

The list is very big, even for Apple, which is known for such large updates. Also typical of Apple, the updates include several for vulnerabilities that are quite old.

The bugs could allow many undesirable behaviors:

  • Malicious code execution
  • Determination of the user's passcode by an app
  • The ability to persist malicious code execution across reboots
  • Background applications could inject user interface events into the foreground application
  • The ability to intercept data protected with IPSec Hybrid Auth
  • A person with physical access to the device may be able to bypass the screen lock
  • Sandboxed apps could send tweets without user interaction or permission
  • Malicious apps could interfere with or control telephony functionality

What would seem to be the oldest bug in the list is labeled CVE-2011-2391. It is described as a kernel bug that could allow a denial of service (DoS), via high CPU load, when an attacker sends specially crafted IPv6 ICMP packets. The CVE designator may be mistaken, as that bug is listed in the CVE database as assigned but unused.

But the update also fixes several bugs from 2012 and one from 2011 in the libxml library. Apple updated the version of libxml to the current stable version, which was released just over a year ago.

The bugs were reported to Apple from dozens of outside sources including Microsoft and Fortinet. 24 of the 80 were reported to Apple by Google.


Talkback

11 comments
  • Not the Apple way

    They'll patch one (maybe 2) major versions back on OS X, but on iOS you *will* use the version they tell you.
    larry@...
    • so

      I can't opt out of this iOS 7 update? I only have an iPhone 4 and wondered if it's going to struggle with iOS 7 in case I decide to install it.
      Koymik
      • Not if you want patches

        I don't know about your iPhone 4, but my iPad 2 is running slightly better than prior to iOS 7.
        Michael Alan Goff
  • Seriously deficient security response this is not what I expect from Apple

    The Internet should blow up with outrage at such a deficient response to security issues... so why won't it happen?
    greywolf7
  • Apple - please patch devices not upgradable to iOS 7

    Devices like my Gen 4 iPod are not upgradable to iOS 7. A patch fixing most of these vulnerabilities would be nice - major patches for up to two previous iOS versions should suffice.
    Bruce Lang
  • Anyone still think iOS is secure?

    iOS has always been Swiss cheese with vulnerabilities.
    The itards were confident that ios6.1.876577654 patched all vulnerabilities.
    Yet we have these 80 patches in iOS7 as an admission by Apple with some of these holes dating back more than a year!
    If not for parties like MS and Google spotting the holes in iOS and reporting it, Apple would still be compiling all the holes from iOS6 in iOS7.
    warboat
    • Anyone still think iOS is secure?

      Trust me, MS and Google's OSes are just as full of security holes. Don't put them on pedestals.
      Carl S
      • oh lol

        no need to trust you.

        ms so called operating systems are definition of security hole.
        ljenux
  • Errr.....

    This means that there are 80 flaws in iOS 6 and Apple did nothing about it. I wonder how long they have been lying around. A year is bad. Anything more is worse.
    Gisabun
  • Wow... So to fix security issues..

    ...you have to install iOS 7, which has security issues... Sure! Makes loads of sense...
    Cory Ducey
  • oh look

    they are starting to resemble microsoft in that way also
    ljenux