Security Architecture, Endpoint/Device Security, Endpoint/Device Security, Security Strategy, Plan, Budget, Vulnerability Management, Patch/Configuration Management, Endpoint/Device Security, Endpoint/Device Security, Endpoint/Device Security

Apple’s iOS 7.1.1 fixes Webkit bugs, encryption bypass issue

About a month after the introduction of iOS 7.1, Apple has released an updated version of the mobile operating system, which includes a number of security fixes.

Released Tuesday, iOS 7.1.1 brings fixes for a total of 19 bugs affecting iPhone, iPad and iPod Touch users. While the majority of the patches remediated memory corruption vulnerabilities (16 in total) in open-source browser engine Webkit, one iOS fix addressed a critical bug (CVE-2014-1295), which could allow a bypass of encryption safeguards so that user data is exposed.

The security issue, which could lead to exploit via “triple handshake” attacks, was also present in Apple's Mountain Lion and Mavericks operating systems, prior to Mac OS X update shipped Tuesday.

In a security advisory, Apple said that the bypass could be successfully carried out by an intruder with a privileged network position.

Get daily email updates

SC Media's daily must-read of the most current and pressing daily news

By clicking the Subscribe button below, you agree to SC Media Terms and Conditions and Privacy Policy.