Upgrade To iOS 8, Security Flaws Makes iOS 7 Risky
Apple users those whore using the iOS 7, are in a risky position as it contains serious security flaws. Apples latest iOS8 is to fix some security issues if you upgraded.
One of the bigger threats is a vulnerabilityCVE-2014-4377 in how iOS processes PDF files as images. An attacker who exploits the flaw could use a malicious Web page viewed by the user in Safari to run code on the victim's device, according to adescription of the problem posted this week by Argentinian security consultancy Binamuse.
A proof-of-concept attack is "a complete 100% reliable and portable exploit for MobileSafari on IOS7.1.x," Felipe Andres Manzano, principal consultant at Binamuse, stated in the company's analysis.
The above said issue is confirmed by Apple, and it says it is fixed in iOS 8.0 released on September 17. They also released a patch after a week, iOS 8.0.1 due to widespread Touch ID and cellular issues caused by the software update. iOS 8.0.2, released the day after 8.0.1, resolved those problems.
For the many users of older Apple iPhones, such as the iPhone 4, which cannot upgrade to iOS 8, a patch is unlikely to be forthcoming, security experts said. While the exploit allows an attacker to run code on the compromised device, they may only be able to run legitimate applications, a restriction imposed on all but jailbroken phones. "So it might be that this vulnerability alone, may not be enough to infect the phone with malware, unless you combine it with other exploits," Hirvonen said.
Manzano agreed, adding "this exploit needs a companion information-leakage vulnerability to bypass ASLR, DEP and code-signing iOS exploit mitigations." In the iOS 8 upgrade, Apple fixed just such an issue, CVE-2014-4384, which allows an attacker to install unverified apps.
So the iPhone and iPad users those whore still running iOS 7, beware of the flaws and upgrade to new iOS8 as soon as possible.