Apple has patched the FREAK SSL vulnerability, along with a nasty bug that could’ve allowed a remote attacker to restart a user’s iPhone via SMS, with the release of iOS 8.2.
The new version of Apple’s mobile operating system contains a number of vulnerability fixes, with the FREAK patch being the most prominent among them. That vulnerability is caused by the fact that some SSL clients and servers will accept weak 512-bit RSA keys in some circumstances, allowing an attacker who can intercept that key to then factor it offline and decrypt future secure sessions.
“Secure Transport accepted short ephemeral RSA keys, usually used only in export-strength RSA cipher suites, on connections using full-strength RSA cipher suites. This issue, also known as FREAK, only affected connections to servers which support export-strength RSA cipher suites, and was addressed by removing support for ephemeral RSA keys,” the Apple advisory says.
The remote restart issue is caused by a vulnerability in the CoreTelephony component of iOS. An attacker using this bug could cause a device to restart without the user’s interaction.
“A null pointer dereference issue existed in CoreTelephony’s handling of Class 0 SMS messages. This issue was addressed through improved message validation,” Apple’s advisory says.
Apple iOS 8.2 also fixes a vulnerability in the iCloud keychain function that was the result of several buffer overflows.
“Multiple buffer overflows existed in the handling of data during iCloud Keychain recovery. These issues were addressed through improved bounds checking,” Apple said.