iOS 8.1.1
Apple patches security flaws in iOS 8.1.1.OSXDaily

Apple has pushed out the latest iteration to iOS 8, iOS 8.1.1 with build number 12B435 for iPhone, iPad and iPod touch.

Along with the bug fixes and performance improvements, the iOS 8.1.1 integrates a number of security fixes including the exploits used by Pangu jailbreak, an untethered jailbreak version for devices running iOS 8-iOS 8.1.

While the Chinese jailbreak developer has already confirmed that the iOS 8.1.1 beta patches the exploits used in the jailbreak, Apple has now made this public via the posting at Apple Support page.

The company has listed a few security patches in iOS 8.1.1 (in the document on security content) , out of which three exploits are by Pangu jailbreak namely, dyld, kernel and sandbox profiles. Another flaw in the update is a privacy loophole, which could allow an unauthorised user view and send photos from lock screen.

Following are the details about the security flaws fixed by Apple in iOS 8.1.1.

dyld

Available for: iPhone 4s and later, iPod touch (5th generation) and later, iPad 2 and later

Impact: A local user may be able to execute unsigned code

Description: A state management issue existed in the handling of Mach-O executable files with overlapping segments. This issue was addressed through improved validation of segment sizes.

CVE-ID

CVE-2014-4455 : @PanguTeam

Kernel

Available for: iPhone 4s and later, iPod touch (5th generation) and later, iPad 2 and later

Impact: A malicious application may be able to execute arbitrary code with system privileges

Description: A validation issue existed in the handling of certain metadata fields of IOSharedDataQueue objects. This issue was addressed through relocation of the metadata.

CVE-ID

CVE-2014-4461 : @PanguTeam

Sandbox Profiles

Available for: iPhone 4s and later, iPod touch (5th generation) and later, iPad 2 and later

Impact: A malicious application may be able to launch arbitrary binaries on a trusted device

Description: A permissions issue existed with the debugging functionality for iOS that allowed the spawning of applications on trusted devices that were not being debugged. This was addressed by changes to debugserver's sandbox.

CVE-ID

CVE-2014-4457 : @PanguTeam

[Source: iPhoneHacks]