Apple releases iOS 8.2, addresses ‘FREAK’ flaw

Apple released its iOS 8.2 update on Monday to address the “FREAK” vulnerability, as well as to incorporate support for its new Apple Watch.

The FREAK flaw could have allowed attackers to conduct man-in-the-middle attacks against encrypted connections, including those protected by Secure Sockets Layer (SSL) and Transport Layer Security (TLS). The vulnerability affected only connections to servers that support export-strength RSA cipher suites, and Apple reportedly addressed it by removing support for ephemeral RSA keys.
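To illustrate what dropping ephemeral RSA support means on the client side, the following added example (not Apple's code and not part of the original article) checks a server's handshake flight the way a strict client would: it refuses export-grade RSA suites and any ServerKeyExchange sent under a plain RSA suite, which TLS does not permit. The function names, the suite sets and the sample bytes are constructed for illustration.

```python
import struct

RSA_EXPORT = {0x0003, 0x0006, 0x0008}         # TLS_RSA_EXPORT_* suites (RFC 2246)
RSA_PLAIN = {0x0005, 0x000A, 0x002F, 0x0035}  # some TLS_RSA_WITH_* suites (not exhaustive)
SERVER_HELLO, SERVER_KEY_EXCHANGE = 2, 12     # handshake message types


def handshake_messages(stream: bytes):
    """Yield (type, body) for each handshake message carried in TLS records."""
    payload, pos = b"", 0
    while pos + 5 <= len(stream):
        ctype, _version, length = struct.unpack_from("!BHH", stream, pos)
        if ctype == 22:  # content type 22 = handshake
            payload += stream[pos + 5:pos + 5 + length]
        pos += 5 + length
    pos = 0
    while pos + 4 <= len(payload):
        mlen = int.from_bytes(payload[pos + 1:pos + 4], "big")
        yield payload[pos], payload[pos + 4:pos + 4 + mlen]
        pos += 4 + mlen


def check_server_flight(offered: set, stream: bytes) -> str:
    """Return 'ok', or the reason a client without ephemeral-RSA support aborts."""
    suite = None
    for mtype, body in handshake_messages(stream):
        if mtype == SERVER_HELLO:
            # Body layout: version(2) random(32) sid_len(1) sid cipher_suite(2) ...
            suite = struct.unpack_from("!H", body, 35 + body[34])[0]
            if suite in RSA_EXPORT:
                return "abort: export-grade RSA suite selected"
            if suite not in offered:
                return "abort: suite was not offered by the client"
        elif mtype == SERVER_KEY_EXCHANGE and suite in RSA_PLAIN:
            # Plain RSA key exchange never carries a ServerKeyExchange (RFC 5246 7.4.3).
            return "abort: ephemeral RSA key sent for a non-export RSA suite"
    return "ok" if suite is not None else "abort: no ServerHello seen"


def _msg(mtype: int, body: bytes) -> bytes:
    return bytes([mtype]) + len(body).to_bytes(3, "big") + body


def sample_flight(suite: int, with_key_exchange: bool) -> bytes:
    """Constructed server flight: ServerHello plus an optional placeholder ServerKeyExchange."""
    hello = _msg(SERVER_HELLO, b"\x03\x03" + bytes(32) + b"\x00" + struct.pack("!H", suite) + b"\x00")
    ske = _msg(SERVER_KEY_EXCHANGE, bytes(8)) if with_key_exchange else b""
    return struct.pack("!BHH", 22, 0x0303, len(hello + ske)) + hello + ske
```

Calling `check_server_flight({0x002F, 0x0035}, sample_flight(0x002F, True))` returns the ephemeral-RSA abort reason, while the same flight without the ServerKeyExchange returns `ok`.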

iOS 8.2 also patches various arbitrary code execution bugs, including CVE-2015-1061, a type confusion issue in IOSurface's handling of serialized objects. The bug was fixed through additional type checking.

Another addressed vulnerability, CVE-2015-1064, could have allowed a person with physical access to a device to see the home screen, even if the device was not activated. Improved error handling during activation fixed the issue.