what you don't know can hurt you
Home Files News &[SERVICES_TAB]About Contact Add New

Apple Security Advisory 2014-10-20-1

Apple Security Advisory 2014-10-20-1
Posted Oct 21, 2014
Authored by Apple | Site apple.com

Apple Security Advisory 2014-10-20-1 - iOS 8.1 is now available and addresses bluetooth, insufficient cryptographic protection, and various other vulnerabilities.

tags | advisory, vulnerability
systems | apple
advisories | CVE-2014-3566, CVE-2014-4428, CVE-2014-4448, CVE-2014-4449, CVE-2014-4450
SHA-256 | 2e164f01c6db9964bcf49a31c30cf308c0683a074854438dd1b12a474cb7e60e

Apple Security Advisory 2014-10-20-1

Change Mirror Download
-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1

APPLE-SA-2014-10-20-1 iOS 8.1

iOS 8.1 is now available and addresses the following:

Bluetooth
Available for: iPhone 4s and later,
iPod touch (5th generation) and later, iPad 2 and later
Impact: A malicious Bluetooth input device may bypass pairing
Description: Unencrypted connections were permitted from Human
Interface Device-class Bluetooth Low Energy accessories. If an iOS
device had paired with such an accessory, an attacker could spoof the
legitimate accessory to establish a connection. The issue was
addressed by denying unencrypted HID connections.
CVE-ID
CVE-2014-4428 : Mike Ryan of iSEC Partners

House Arrest
Available for: iPhone 4s and later,
iPod touch (5th generation) and later, iPad 2 and later
Impact: Files transferred to the device may be written with
insufficient cryptographic protection
Description: Files could be transferred to an app's Documents
directory and encrypted with a key protected only by the hardware
UID. This issue was addressed by encrypting the transferred files
with a key protected by the hardware UID and the user's passcode.
CVE-ID
CVE-2014-4448 : Jonathan Zdziarski and Kevin DeLong

iCloud Data Access
Available for: iPhone 4s and later,
iPod touch (5th generation) and later, iPad 2 and later
Impact: An attacker in a privileged network position may force
iCloud data access clients to leak sensitive information
Description: A TLS certificate validation vulnerability existed in
iCloud data access clients. This issue was addressed by improved
certificate validation.
CVE-ID
CVE-2014-4449 : Carl Mehner of USAA

Keyboards
Available for: iPhone 4s and later,
iPod touch (5th generation) and later, iPad 2 and later
Impact: QuickType could learn users' credentials
Description: QuickType could learn users' credentials when switching
between elements. This issue was addressed by QuickType not learning
from fields where autocomplete is disabled and reapplying the
criteria when switching between DOM input elements in legacy WebKit.
CVE-ID
CVE-2014-4450

Secure Transport
Available for: iPhone 4s and later,
iPod touch (5th generation) and later, iPad 2 and later
Impact: An attacker may be able to decrypt data protected by SSL
Description: There are known attacks on the confidentiality of SSL
3.0 when a cipher suite uses a block cipher in CBC mode. An attacker
could force the use of SSL 3.0, even when the server would support a
better TLS version, by blocking TLS 1.0 and higher connection
attempts. This issue was addressed by disabling CBC cipher suites
when TLS connection attempts fail.
CVE-ID
CVE-2014-3566 : Bodo Moeller, Thai Duong, and Krzysztof Kotowicz of
Google Security Team


Installation note:

This update is available through iTunes and Software Update on your
iOS device, and will not appear in your computer's Software Update
application, or in the Apple Downloads site. Make sure you have an
Internet connection and have installed the latest version of iTunes
from www.apple.com/itunes/

iTunes and Software Update on the device will automatically check
Apple's update server on its weekly schedule. When an update is
detected, it is downloaded and the option to be installed is
presented to the user when the iOS device is docked. We recommend
applying the update immediately if possible. Selecting Don't Install
will present the option the next time you connect your iOS device.

The automatic update process may take up to a week depending on the
day that iTunes or the device checks for updates. You may manually
obtain the update via the Check for Updates button within iTunes, or
the Software Update on your device.

To check that the iPhone, iPod touch, or iPad has been updated:

* Navigate to Settings
* Select General
* Select About. The version after applying this update
will be "8.1".

Information will also be posted to the Apple Security Updates
web site: http://support.apple.com/kb/HT1222

This message is signed with Apple's Product Security PGP key,
and details are available at:
https://www.apple.com/support/security/pgp/

-----BEGIN PGP SIGNATURE-----
Version: GnuPG/MacGPG2 v2.0.22 (Darwin)
Comment: GPGTools - http://gpgtools.org

iQIcBAEBAgAGBQJURUHQAAoJEBcWfLTuOo7tJMoP/2RPUJpecEmfPnrJHesyWE07
eGVLvu+Qo/VQN2X/aJI4ZxXiZzzEhbo9+HOEmE9hfBW+GwJ+tumOqJ/S0+8X6/BT
955fHTKT8zPHa1OvW2H+CEdeYtxIVTCb14ePmZMfykiyhvvk5HeODKPrj2fO7yL/
Bb9vggEkgZvssrXNQ3SXWLbzTobivaOjGNPXgELUFfCjjZH7Sdf9l8/r+NGR4c4w
YFeDFqfPq9U7ebBt14oH5a+t3ha5uV0Zt1aKFtRkFdJlIwHFMbb7QSUQY1W24Kvt
MKqpWQi1fR2x1k6p5ss6o8S/EeL5Vz6KsPnraWTRayC8w5r6IhVeOLbAEoaI0yON
YoyY9LkFOwx68BZr8q7MyFdN+5iHrlYFG9bfSzIeZ1NmK4cfMgaG+jckoh/GtNjm
voDOHL7qEjDgpAoYZ7XejVKvd5v7xXV8JcnDtmlg+rCh1eH/vyoYX4+PFUW3AiIo
IkgUm0JvaZrOdXP1W2vIqFDHaxGoUMj4Ius+No7X+e4+uDACofBYP8btEdBf2mEW
NBqc2jLZRaXbCpaHK1TCfeqSQLh32pUVWsgsK9ad4uH79tMke2EzyYkwztiksxT3
f4s8MGv2PdYnLjfWc4C5WN8ZbgdILVncTdNUItYvVya1nyuSXkCK6thWS35YEvDp
ViMxSLY5YjSJvhzCf+hk
=5AaA
-----END PGP SIGNATURE-----

Login or Register to add favorites

File Archive:

November 2024

  • Su
  • Mo
  • Tu
  • We
  • Th
  • Fr
  • Sa
  • 1
    Nov 1st
    30 Files
  • 2
    Nov 2nd
    0 Files
  • 3
    Nov 3rd
    0 Files
  • 4
    Nov 4th
    12 Files
  • 5
    Nov 5th
    44 Files
  • 6
    Nov 6th
    18 Files
  • 7
    Nov 7th
    9 Files
  • 8
    Nov 8th
    8 Files
  • 9
    Nov 9th
    3 Files
  • 10
    Nov 10th
    0 Files
  • 11
    Nov 11th
    14 Files
  • 12
    Nov 12th
    20 Files
  • 13
    Nov 13th
    63 Files
  • 14
    Nov 14th
    18 Files
  • 15
    Nov 15th
    8 Files
  • 16
    Nov 16th
    0 Files
  • 17
    Nov 17th
    0 Files
  • 18
    Nov 18th
    0 Files
  • 19
    Nov 19th
    0 Files
  • 20
    Nov 20th
    0 Files
  • 21
    Nov 21st
    0 Files
  • 22
    Nov 22nd
    0 Files
  • 23
    Nov 23rd
    0 Files
  • 24
    Nov 24th
    0 Files
  • 25
    Nov 25th
    0 Files
  • 26
    Nov 26th
    0 Files
  • 27
    Nov 27th
    0 Files
  • 28
    Nov 28th
    0 Files
  • 29
    Nov 29th
    0 Files
  • 30
    Nov 30th
    0 Files

Top Authors In Last 30 Days

File Tags

Systems

packet storm

© 2024 Packet Storm. All rights reserved.

Services
Security Services
Hosting By
Rokasec
close