The Tuesday release of OS X Yosemite 10.10.4 and iOS 8.4 brought new features such as Apple Music, but it also came with fixes for numerous security vulnerabilities.
In both the OS X and iOS updates, Apple addressed CVE-2015-4000 in coreTLS, also known as Logjam, a threat that could enable an attacker with a privileged network position to intercept SSL/TLS connections, according to an OS X release and iOS release.
Apple said in both releases that “coreTLS accepted short ephemeral Diffie-Hellman (DH) keys, as used in export-strength ephemeral DH cipher suites” and that an attacker could “downgrade security to 512-bit DH if the server supported an export-strength ephemeral DH cipher suite. The issue was addressed by increasing the default minimum size allowed for DH ephemeral keys to 768 bits.”
Some other vulnerabilities that have been addressed in OS X 10.10.4 – several of which can enable arbitrary code execution, unexpected application termination, and gaining admin privileges – include multiple bugs in Apache and OpenSSL, as well as flaws in Mail, Safari and QuickTime.
The release of iOS 8.4 comes with fixes for vulnerabilities that offer attackers two vectors for carrying out the Masque Attack, dubbed Manifest Masque and Extension Masque, which can be used to demolish apps and break the app data container, a Tuesday FireEye post indicated.
“Our investigation also shows that around one third of iOS devices still have not updated to versions 8.1.3 or above, even 5 months after the release of 8.1.3, and these devices are still vulnerable to all the Masque Attacks,” the post said.
A number of other iOS 8.4 bugs were addressed in the update – such as vulnerabilities in ImageIO, Mail, Safari, and SQLite – that can be exploited by attackers to enable arbitrary code execution, unexpected application termination and account takeover.