Apple released iOS 8.2 for iPhone, iPad and iPod touch, which includes Health app improvements, stability enhancements, bug fixes and support for Apple Watch.
Apple has also published a new knowledge base document, which provides the security content of iOS 8.2.
Apple has patched six security flaws in CoreTelephony, iCloud Keychain, etc. Here are the details:
- CoreTelephonyAvailable for: iPhone 4s and later, iPod touch (5th generation) and later, iPad 2 and later
Impact: A remote attacker can cause a device to unexpectedly restart
Description: A null pointer dereference issue existed in CoreTelephony’s handling of Class 0 SMS messages. This issue was addressed through improved message validation.
CVE-2015-1063 : Roman Digerberg, Sweden
- iCloud KeychainAvailable for: iPhone 4s and later, iPod touch (5th generation) and later, iPad 2 and later
Impact: An attacker with a privileged network position may be able to execute arbitrary code
Description: Multiple buffer overflows existed in the handling of data during iCloud Keychain recovery. These issues were addressed through improved bounds checking.
CVE-2015-1065 : Andrey Belenko of NowSecure
- IOSurfaceAvailable for: iPhone 4s and later, iPod touch (5th generation) and later, iPad 2 and later
Impact: A malicious application may be able to execute arbitrary code with system privileges
Description: A type confusion issue existed in IOSurface’s handling of serialized objects. The issue was addressed through additional type checking.
CVE-2015-1061 : Ian Beer of Google Project Zero
- MobileStorageMounterAvailable for: iPhone 4s and later, iPod touch (5th generation) and later, iPad 2 and later
Impact: A malicious application may be able to create folders in trusted locations in the file system
Description: An issue existed in the developer disk mounting logic which resulted in invalid disk image folders not being deleted. This was addressed through improved error handling.
CVE-2015-1062 : TaiG Jailbreak Team
- Secure TransportAvailable for: iPhone 4s and later, iPod touch (5th generation) and later, iPad 2 and later
Impact: An attacker with a privileged network position may intercept SSL/TLS connections
Description: Secure Transport accepted short ephemeral RSA keys, usually used only in export-strength RSA cipher suites, on connections using full-strength RSA cipher suites. This issue, also known as FREAK, only affected connections to servers which support export-strength RSA cipher suites, and was addressed by removing support for ephemeral RSA keys.
CVE-2015-1067 : Benjamin Beurdouche, Karthikeyan Bhargavan, Antoine Delignat-Lavaud, Alfredo Pironti, and Jean Karim Zinzindohoue of Prosecco at Inria Paris
- SpringboardAvailable for: iPhone 4s and later, iPod touch (5th generation) and later, iPad 2 and later
Impact: A person with physical access to the device may be able to see the home screen of the device even if the device is not activated
Description: An unexpected application termination during activation could have caused the device to show the home screen. The issue was addressed through improved error handling during activation.
As you might have noticed, Apple has credited “TaiG Jailbreak Team” for discovering the security flaw in “MobileStorageMounter”, which suggests that the TaiG team had used it to jailbreak iOS 8.1.2 and iOS 8.1.1. Apple had patched several security vulnerabilities in iOS 8.1.3 which had killed the TaiG jailbreak and PP Jailbreak.
TaiG team has said that they’re confident about releasing a jailbreak for iOS 8.2. It is not clear what impact the security updates in the public release will have on the iOS 8.2 jailbreak.
It goes without saying that jailbreakers on iOS 8.1.2 or lower should avoid upgrading to iOS 8.2 and be extremely careful while installing jailbreak tweaks.
We’ll let you know as soon as we can get an update. Don’t forget to join our Facebook Fan page, follow us on Twitter, add us to your circles on Google+, subscribe to our RSS feed or our Daily Newsletter for the latest updates on the iOS 8.2 jailbreak.[via Apple]