iOS 8.2
Apple has released iOS 8.2 with Apple Watch support. wallpaperscraft

Apple has just released iOS 8.2 for compatible iPhone, iPad and iPod touch models. The release introduces support for Apple Watch, improvements to the health app and increased stability. It also has an array of bug fixes.

Apple has posted a document on its support site describing the security content of iOS 8.2. According to the release note, iOS 8.2 patches the security flaws including CoreTelephony, iCloud Keychain, IOSurface, MobileStorageMounter, Secure Transport and Springboard. The update also patches the MobileStorageMounter (CVE-2015-1062: TaiG Jailbreak Team), which is for the TaiG jailbreak team.

Check out the following descriptions for the security patches in iOS 8.2.

CoreTelephony

Available for: iPhone 4s and later, iPod touch (5th generation) and later, iPad 2 and later

Impact: A remote attacker can cause a device to unexpectedly restart

Description: A null pointer dereference issue existed in CoreTelephony's handling of Class 0 SMS messages. This issue was addressed through improved message validation.

CVE-ID

CVE-2015-1063: Roman Digerberg, Sweden

iCloud Keychain

Available for: iPhone 4s and later, iPod touch (5th generation) and later, iPad 2 and later

Impact: An attacker with a privileged network position may be able to execute arbitrary code

Description: Multiple buffer overflows existed in the handling of data during iCloud Keychain recovery. These issues were addressed through improved bounds checking.

CVE-ID

CVE-2015-1065: Andrey Belenko of NowSecure

IOSurface

Available for: iPhone 4s and later, iPod touch (5th generation) and later, iPad 2 and later

Impact: A malicious application may be able to execute arbitrary code with system privileges

Description: A type confusion issue existed in IOSurface's handling of serialized objects. The issue was addressed through additional type checking.

CVE-ID

CVE-2015-1061: Ian Beer of Google Project Zero

MobileStorageMounter

Available for: iPhone 4s and later, iPod touch (5th generation) and later, iPad 2 and later

Impact: A malicious application may be able to create folders in trusted locations in the file system

Description: An issue existed in the developer disk mounting logic which resulted in invalid disk image folders not being deleted. This was addressed through improved error handling.

CVE-ID

CVE-2015-1062: TaiG Jailbreak Team

Secure Transport

Available for: iPhone 4s and later, iPod touch (5th generation) and later, iPad 2 and later

Impact: An attacker with a privileged network position may intercept SSL/TLS connections

Description: Secure Transport accepted short ephemeral RSA keys, usually used only in export-strength RSA cipher suites, on connections using full-strength RSA cipher suites. This issue, also known as FREAK, only affected connections to servers which support export-strength RSA cipher suites, and was addressed by removing support for ephemeral RSA keys.

CVE-ID

CVE-2015-1067: Benjamin Beurdouche, Karthikeyan Bhargavan, Antoine Delignat-Lavaud, Alfredo Pironti, and Jean Karim Zinzindohoue of Prosecco at Inria Paris

Springboard

Available for: iPhone 4s and later, iPod touch (5th generation) and later, iPad 2 and later

Impact: A person with physical access to the device may be able to see the home screen of the device even if the device is not activated

Description: An unexpected application termination during activation could have caused the device to show the home screen. The issue was addressed through improved error handling during activation.

CVE-ID

CVE-2015-1064

iOS hacker, Stefan Esser, commonly known as i0n1c, has tweeted that the iOS 8.2 security update has fixed another exploit used in TaiG jailbreak. He mentions that Apple has been trying to fix these vulnerabilities but some of its key elements the jailbreakers rely are yet to be fixed.

At present there is no update from the Chinese jailbreak team, TaiG, which last month released a new update version 1.3.0 to their untethered jailbreak tool, adding support for iOS 8.2 beta 1 and 2 (Windows only).

Meanwhile, MuscleNerd, one of the members of the iPhone dev team has advised the jailbreak community not to update to iOS 8.2.