try {} except

iOS 8.4 update

iOS 8.4, what’s new

Apple just released iOS 8.4 for iPhones 4S and iPad 2 or greater.

New Features

Apple Music

  • Become an Apple Music member to play millions of songs from the Apple music catalog, or keep them offline for playback later.
  • For You: Members can see playlist and album recommendations, handpicked by music experts.
  • New: Members can find the latest, greatest new music available — direct from Apple Music’s editors.
  • Radio: Tune in to music, interviews and exclusive radio shows on Beats 1, play radio stations created by Apple Music editors or create your own from any artist or song.
  • Connect: See shared thoughts, photos, music and videos from artists you follow, then join the conversation.
  • My Music: Play all of your iTunes> purchases, songs from Apple Music, and playlists in one place.*
  • Completely redesigned music player that includes new features such as Recently Added, MiniPlayer, Up Next, and more.
  • iTunes Store: Still the best place to buy your favorite music — one song or album at a time.
  • Availability and features may vary by country.

iBooks

  • Browse, listen and download audiobooks from inside iBooks.
  • Enjoy the all-new Now Playing feature, designed specifically for audiobooks.
  • Books that are Made for iBooks now work on the iPhone in addition to the iPad.
  • Find and pre-order books in a series right from your library.
  • Improves accessibility of widgets, glossary and navigation in books made with iBooks Author.
  • New default Chinese font.
  • New setting to turn off Auto-Night theme in your library.
  • Resolves an issue that may have prevented Hide Purchases from working.
  • Resolves an issue that may have prevented downloading books from iCloud.

Other

  • Fixes an issue where receiving a specific series of Unicode characters causes device to reboot.
  • Fixes an issue that prevented GPS accessories from providing location data.
  • Fixes an issue where deleted Apple Watch apps could re-install.

Security Updates

Some of the following may interfere with some known Jailbreaking methods, or even in some non-jailbreaking, non-apple-legal apps such as vshare.com

  • Application Store: Available for: iPhone 4s and later, iPod touch (5th generation) and later, iPad 2 and later; Impact: A malicious universal provisioning profile app may prevent apps from launchingDescription: An issue existed in the install logic for universal provisioning profile apps, which allowed a collision to occur with existing bundle IDs. This issue was addressed through improved collision checking.
  • Certificate Trust Policy: Available for: iPhone 4s and later, iPod touch (5th generation) and later, iPad 2 and later; Impact: An attacker with a privileged network position may be able to intercept network trafficDescription: An intermediate certificate was incorrectly issued by the certificate authority CNNIC. This issue was addressed through the addition of a mechanism to trust only a subset of certificates issued prior to the mis-issuance of the intermediate. Further details are available about the security partial trust allow list.
  • Certificate Trust Policy: Available for: iPhone 4s and later, iPod touch (5th generation) and later, iPad 2 and later; Impact: Update to the certificate trust policyDescription: The certificate trust policy was updated. The complete list of certificates may be viewed at the iOS Trust Store.
  • CFNetwork HTTPAuthentication: Available for: iPhone 4s and later, iPod touch (5th generation) and later, iPad 2 and later; Impact: Following a maliciously crafted URL may lead to arbitrary code execution. Description: A memory corruption issue existed in handling of certain URL credentials. This issue was addressed with improved memory handling.
  • CoreGraphics: Available for: iPhone 4s and later, iPod touch (5th generation) and later, iPad 2 and later; Impact: Opening a maliciously crafted PDF file may lead to an unexpected application termination or arbitrary code executionDescription: Multiple memory corruption issues existed in the handling of ICC profiles. These issues were addressed through improved memory handling.
  • CoreText: Available for: iPhone 4s and later, iPod touch (5th generation) and later, iPad 2 and later; Impact: Processing a maliciously crafted text file may lead to an unexpected application termination or arbitrary code executionDescription: Multiple memory corruption issues existed in the processing of text files. These issues were addressed through improved bounds checking.
  • coreTLS: Available for: iPhone 4s and later, iPod touch (5th generation) and later, iPad 2 and later; Impact: An attacker with a privileged network position may intercept SSL/TLS connectionsDescription: coreTLS accepted short ephemeral Diffie-Hellman (DH) keys, as used in export-strength ephemeral DH cipher suites. This issue, also known as Logjam, allowed an attacker with a privileged network position to downgrade security to 512-bit DH if the server supported an export-strength ephemeral DH cipher suite. The issue was addressed by increasing the default minimum size allowed for DH ephemeral keys to 768 bits.
  • DiskImages: Available for: iPhone 4s and later, iPod touch (5th generation) and later, iPad 2 and later; Impact: A malicious application may be able to determine kernel memory layoutDescription: An information disclosure issue existed in the processing of disk images. This issue was addressed through improved memory management.
  • FontParser: Available for: iPhone 4s and later, iPod touch (5th generation) and later, iPad 2 and later; Impact: Processing a maliciously crafted font file may lead to an unexpected application termination or arbitrary code executionDescription: Multiple memory corruption issues existed in the processing of font files. These issues were addressed through improved input validation.
  • ImageIOAvailable for: iPhone 4s and later, iPod touch (5th generation) and later, iPad 2 and laterImpact: Processing a maliciously crafted .tiff file may lead to an unexpected application termination or arbitrary code executionDescription: A memory corruption issue existed in the processing of .tiff files. This issue was addressed with improved bounds checking.
  • ImageIO: Available for: iPhone 4s and later, iPod touch (5th generation) and later, iPad 2 and later; Impact: Multiple vulnerabilities exist in libtiff, the most serious of which may lead to arbitrary code executionDescription: Multiple vulnerabilities existed in libtiff versions prior to 4.0.4. They were addressed by updating libtiff to version 4.0.4.
  • Kernel: Available for: iPhone 4s and later, iPod touch (5th generation) and later, iPad 2 and later; Impact: A malicious application may be able to determine kernel memory layoutDescription: A memory management issue existed in the handling of HFS parameters which could have led to the disclosure of kernel memory layout. This issue was addressed through improved memory management.
  • Mail: Available for: iPhone 4s and later, iPod touch (5th generation) and later, iPad 2 and later. Impact: A maliciously crafted email can replace the message content with an arbitrary webpage when the message is viewedDescription: An issue existed in the support for HTML email which allowed message content to be refreshed with an arbitrary webpage. The issue was addressed through restricted support for HTML content.
  • MobileInstallation: Available for: iPhone 4s and later, iPod touch (5th generation) and later, iPad 2 and later; Impact: A malicious universal provisioning profile app can prevent a Watch app from launchingDescription: An issue existed in the install logic for universal provisioning profile apps on the Watch which allowed a collision to occur with existing bundle IDs. This issue was addressed through improved collision checking.
  • Safari: Available for: iPhone 4s and later, iPod touch (5th generation) and later, iPad 2 and later; Impact: Visiting a maliciously crafted website may compromise user information on the filesystemDescription: A state management issue existed in Safari that allowed unprivileged origins to access contents on the filesystem. This issue was addressed through improved state management.
  • Safari: Available for: iPhone 4s and later, iPod touch (5th generation) and later, iPad 2 and later; Impact: Visiting a maliciously crafted website may lead to account takeoverDescription: An issue existed where Safari would preserve the Origin request header for cross-origin redirects, allowing malicious websites to circumvent CSRF protections. The issue was addressed through improved handling of redirects.
  • Security: Available for: iPhone 4s and later, iPod touch (5th generation) and later, iPad 2 and later; Impact: A remote attacker may cause an unexpected application termination or arbitrary code executionDescription: An integer overflow existed in the Security framework code for parsing S/MIME e-mail and some other signed or encrypted objects. This issue was addressed through improved validity checking.
  • SQLite: Available for: iPhone 4s and later, iPod touch (5th generation) and later, iPad 2 and later; Impact: A remote attacker may cause an unexpected application termination or arbitrary code executionDescription: Multiple buffer overflows existed in SQLite’s printf implementation. These issues were addressed through improved bounds checking.
  • Telephony: Available for: iPhone 4s and later, iPod touch (5th generation) and later, iPad 2 and later; Impact: Maliciously crafted SIM cards may lead to arbitrary code executionDescription: Multiple input validation issues existed in the parsing of SIM/UIM payloads. These issues were addressed through improved payload validation.
  • WebKit: Available for: iPhone 4s and later, iPod touch (5th generation) and later, iPad 2 and later; Impact: Visiting a malicious website by clicking a link may lead to user interface spoofingDescription: An issue existed in the handling of the rel attribute in anchor elements. Target objects could get unauthorized access to link objects. This issue was addressed through improved link type adherence.
  • WebKit: Available for: iPhone 4s and later, iPod touch (5th generation) and later, iPad 2 and later; Impact: Visiting a maliciously crafted website may lead to an unexpected application termination or arbitrary code executionDescription: Multiple memory corruption issues existed in WebKit. These issues were addressed through improved memory handling.
  • WebKit: Available for: iPhone 4s and later, iPod touch (5th generation) and later, iPad 2 and later; Impact: Visiting a maliciously crafted webpage may lead to an unexpected application termination or arbitrary code executionDescription: An insufficient comparison issue existed in SQLite authorizer which allowed invocation of arbitrary SQL functions. This issue was addressed with improved authorization checks.
  • WebKit: Available for: iPhone 4s and later, iPod touch (5th generation) and later, iPad 2 and later; Impact: A maliciously crafted website can access the WebSQL databases of other websitesDescription: An issue existed in the authorization checks for renaming WebSQL tables which could have allowed a maliciously crafted website to access databases belonging to other websites. This was addressed through improved authorization checks.
  • WiFi Connectivity: Available for: iPhone 4s and later, iPod touch (5th generation) and later, iPad 2 and later; Impact: iOS devices may auto-associate with untrusted access points advertising a known ESSID but with a downgraded security typeDescription: An insufficient comparison issue existed in WiFi manager’s evaluation of known access point advertisements. This issue was addressed through improved matching of security parameters.

Original article @ Apple’s website

Posted

in

by

Manuel Gomes

Tags:

Comments

Leave a Reply

This site uses Akismet to reduce spam. Learn how your comment data is processed.

Discover more from try {} except

Subscribe now to keep reading and get access to the full archive.

Continue reading