Apple Patches Thunderstrike and 30 bugs in iOS
If you haven’t read our previous post about Thunderstrike, read it first.
Apple has just released a major security update for iOS and OS X that fixes more than 30 flaws. iOS 8.1.3 fixes a vulnerability that allowed an attacker to bypass sandbox restrictions in Safari on iOS and OS X. The update also addresses flaws in the iOS kernel and memory corruption bugs in WebKit.
Apple’s advisory describes the sandbox issue as follows: An issue existed in the handling of URLs redirected from Safari to the iTunes Store that could allow a malicious website to bypass Safari’s sandbox restrictions. The issue was addressed with improved filtering of URLs opened by the iTunes Store.
An information disclosure issue existed in the handling of APIs related to kernel extensions. Responses containing an OSBundleMachOHeaders key may have included kernel addresses, which may aid in bypassing address space layout randomization protection. This issue was addressed by unsliding the addresses before returning them.
The second ASLR bypass vulnerability is similar and could be used by a malicious or compromised app.
The mach_port_kobject kernel interface leaked kernel addresses and heap permutation value, which may aid in bypassing address space layout randomization protection. This was addressed by disabling the mach_port_kobject interface in production configurations.
Thunderbolt devices could modify the host firmware if connected during an EFI update. This issue was addressed by not loading option ROMs during updates.
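To make the two kernel-address leaks above concrete, here is a small added C model (not Apple’s code) of why "unsliding the addresses before returning them" closes the hole. It assumes a constructed unslid kernel base and made-up per-boot slide values; the point it shows is that a field which changes between boots with different slides reveals the slide, while an unslid field is identical on every boot and therefore tells a caller nothing about where the kernel actually sits.

```c
#include <stdint.h>
#include <stdbool.h>
#include <stdio.h>

/* Constructed value for illustration only: the kernel's link-time (unslid) base. */
#define FAKE_KERNEL_BASE 0xffffff8000200000ULL

/* Hypothetical per-boot kernel state; the slide is the secret KASLR adds at boot. */
typedef struct {
    uint64_t slide;
} kernel_state_t;

/* Runtime (slid) address of a kext's Mach-O header, given its unslid offset. */
static uint64_t header_runtime_addr(const kernel_state_t *k, uint64_t unslid_offset) {
    return FAKE_KERNEL_BASE + unslid_offset + k->slide;
}

/* Pre-fix behaviour: the OSBundleMachOHeaders-style response carries the runtime address. */
uint64_t report_header_vulnerable(const kernel_state_t *k, uint64_t unslid_offset) {
    return header_runtime_addr(k, unslid_offset);
}

/* Fixed behaviour: subtract the slide before handing the value to userspace. */
uint64_t report_header_fixed(const kernel_state_t *k, uint64_t unslid_offset) {
    return header_runtime_addr(k, unslid_offset) - k->slide;
}

/* Defender-side check: a reported field leaks the slide exactly when it differs
 * between two boots that used different slides (constructed slide values). */
bool leaks_slide(uint64_t (*report)(const kernel_state_t *, uint64_t), uint64_t unslid_offset) {
    kernel_state_t boot_a = { .slide = 0x0000000012000000ULL };
    kernel_state_t boot_b = { .slide = 0x000000001a000000ULL };
    return report(&boot_a, unslid_offset) != report(&boot_b, unslid_offset);
}

int main(void) {
    uint64_t off = 0x1000;
    printf("vulnerable response leaks slide: %s\n", leaks_slide(report_header_vulnerable, off) ? "yes" : "no");
    printf("fixed response leaks slide:      %s\n", leaks_slide(report_header_fixed, off) ? "yes" : "no");
    return 0;
}
```

The same test applies to any kernel-to-user interface: if a returned pointer value is not stable across reboots, it is carrying the slide, which is why Apple removed mach_port_kobject from production builds rather than trying to sanitize it.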
A design issue existed in the caching of sandbox profiles which allowed sandboxed applications to gain write access to the cache. This issue was addressed by restricting write access to paths containing a “com.apple.sandbox” segment. This issue does not affect OS X Yosemite v10.10 or later.