Apple patches latest iOS security flaws, but more may surface

Apple's problem, Infosecurity notes, is that there is army of software developers making a living from jailbreaking – unlatching the iPhone and cellular-enabled iPad from the mobile network that has subsidized the device.

And because of this, as each new version of the iOS operating system is released, it is pored over for jailbreaking flaws, which are then exploited.

Furthermore, as each jailbreak-enabling exploit is patched, others are revealed by astute programmers working steadily to reverse engineer the Apple mobile operating system.

According to the ZDNet newswire, the flaws – when exploited by the Jailbreakme.com project – allow remote code execution attacks via specially rigged fonts and escalation of privileges to escape the iOS memory sandbox.

The Jailbreakme.com project, notes the newswire, used rigged PDF files to deliver the malformed fonts.

Weekend security postings, meanwhile, have confirmed that other potential flaws are being worked upon to allow further jailbreaking procedures, although the processes involved are much more complex.

According to Andrew Storms, director of security operations for nCircle, the audit and compliant specialist, problems may occur if cybercriminals exploit the flaws on unpatched iPhones and iPads.

Apple, he says, released this latest fix less than 10 days from the time it went public on July 6, just like they did last time there was a serious jailbreak vulnerability.

"These vulnerabilities have been getting a lot of attention from security researchers because the exploits appear to overcome a number of security features on the iPhone. If this turns out to be the case, Apple could be in for some serious problems", he said.

"The enormous number of iPhones out there, coupled with the 'click-and-be-hacked' potential demonstrated by the JailbreakMe tool, showed hackers that this bug could have been used to distribute a wide variety of malware", he added.

Storms went on to say that, fortunately for Apple and millions of iPhone users, so far we haven't seen massive attacks using this bug in the wild.

"Now we just have to wait and hope users will install the latest patches as soon as possible because there are no known mitigations available", he noted.

What’s Hot on Infosecurity Magazine?