Yesterday, Apple released iOS 8.1 as a software update which contains new features, bug fixes and security updates. iOS 8.1 addresses 5 vulnerabilities altogether, including fixes for the mobile POODLE vulnerability and patches for a number of backdoors.
The iOS update is available for: iPhone 4s and later, iPad 2 and later, iPod touch (5th generation) and later.
Among the more high-profile security flaws addressed in this update is POODLE, a design flaw in SSL (Secure Sockets Layer) 3.0 that could be exploited by criminals. Apple’s OS X Yosemite and Security Update 2014-005 for OS X Mountain Lion and OS X Mavericks address the POODLE vulnerability for Mac users.
iOS 8.1 addresses the following vulnerabilities:
- CVE-2014-4428 : A malicious Bluetooth input device may bypass pairing. Unencrypted connections were permitted from Human Interface Device-class Bluetooth Low Energy accessories. If an iOS device had paired with such an accessory, an attacker could spoof the legitimate accessory to establish a connection. The issue was addressed by denying unencrypted HID connections.
- CVE-2014-4448 : Files transferred to the device may be written with insufficient cryptographic protection. Files could be transferred to an app’s Documents directory and encrypted with a key protected only by the hardware UID. This issue was addressed by encrypting the transferred files with a key protected by the hardware UID and the user’s passcode.
- CVE-2014-4449 : An attacker in a privileged network position may force iCloud data access clients to leak sensitive information. A TLS certificate validation vulnerability existed in iCloud data access clients. This issue was addressed by improved certificate validation.
- CVE-2014-4450 : QuickType could learn users’ credentials. QuickType could learn users’ credentials when switching between elements. This issue was addressed by QuickType not learning from fields where autocomplete is disabled and reapplying the criteria when switching between DOM input elements in legacy WebKit.
- CVE-2014-3566 : An attacker may be able to decrypt data protected by SSL. There are known attacks on the confidentiality of SSL 3.0 when a cipher suite uses a block cipher in CBC mode. An attacker could force the use of SSL 3.0, even when the server would support a better TLS version, by blocking TLS 1.0 and higher connection attempts. This issue was addressed by disabling CBC cipher suites when TLS connection attempts fail.
This update is available directly on iOS devices (Settings > General > Software Update), or it can be downloaded and installed in iTunes when a device is connected to a computer with an Internet connection.