Apple adds a few more security fixes in iOS 8.1

It's only about a month since iOS 8.0 was released so there's not much new in security patches to add to 8.1. Two of the fixes also show up in a new Apple TV version.

The big news about iOS 8.1, released today, is support for Apple Pay and a few less-notable features. But there are some new security updates.

Read this

Apple Pay and security: Could tokenization be the tool that curbs data breaches?

Apple didn't spend much stage time explaining the tokenization process that underpins Apple Pay, but the method is seen as one of the most secure and fraud proof payment mechanisms available.

Read More

It's only about a month since iOS 8.0 was released fixing 53 vulnerabilities in 7.1, so not much is likely to have crept up in the meantime.

iOS 8.1 fixes five vulnerabilities in version 8.0. One of them is the POODLE vulnerability in SSL version 3, already fixed in most other Apple software .

Other bugs fixed in this update:

  • If an iOS device had already been paired with a Bluetooth accessory of a certain type, then an attacker could spoof the accessory and establish an unencrypted connection with the iOS device.
  • Sometimes files written to an app's Documents directory were encrypted with a weak key.
  • An attacker on the same network segment could force iCloud data access clients to leak sensitive information.
  • QuickType, the new software keyboard in iOS 8, could learn user credentials.

Apple also released Apple TV 7.0.1 today, fixing two vulnerabilities. One of these is the POODLE bug and the other is the Bluetooth pairing bug described above for iOS.