14 DAY TRIAL // Apple is now offering iOS 7.1.2 both over-the-air (OTA) and through iTunes, while the security side of the update has also been disclosed in a standard advisory. See what’s new in this release as we prepare for the massive iOS 8 rollout this fall.
iOS 7.1.2 was handed to end users yesterday evening around 19:30 (GMT+2), at which point there was little information about the update.
Some users wouldn’t even receive the OTA notification until several hours later, and the security document that listed many of the patches included in the update was hidden from sight.
Not anymore. We now have the full scoop on Apple’s intentions with iOS 7.1.2, including the numerous security fixes that occurred in this release.
“This update contains bug fixes and security updates,” Apple says. One of the patches improves iBeacon connectivity and stability, and there are also some code corrections for data transfer for 3rd-party accessories, including bar code scanners.
An issue with data protection class of Mail attachments is also patched, but this is just scratching the surface as far as iOS 7.1.2 is concerned.
An advisory titled “About the security content of iOS 7.1.2” reveals that the update packs dozens of patches for recently found flaws in WebKit, Certificate Trust Policy, Kernel, CoreGraphics, launchd, Lockdown, Lock Screen, and many other areas.
Some of the most serious vulnerabilities deal with Activation Lock.
“Devices were performing incomplete checks during device activation, which made it possible for malicious individuals to partially bypass Activation Lock. This issue was addressed through additional client-side verification of data received from activation servers,” Apple explains.
Another such flaw would allow someone with physical access to the iDevice to exceed the maximum number of failed passcode attempts.
The fruity company explains that “In some circumstances, the failed passcode attempt limit was not enforced. This issue was addressed through additional enforcement of this limit.”
A vulnerability that was widely discussed by security researchers last month, “Data protection was not enabled for mail attachments, allowing them to be read by an attacker with physical access to the device,” reads the description of a Mail flaw. “This issue was addressed by changing the encryption class of mail attachments,” Apple says.
Available via iTunes or OTA, iOS 7.1.2 is compatible with iPhone 4, iPhone 4S, iPhone 5, iPhone 5s, iPhone 5c, iPad second generation, iPad third generation, iPad fourth generation, iPad Air, iPad mini, iPad mini with Retina display, and iPod touch fifth generation.
Read through Apple’s full advisory to see what else has been fixed in terms of security. Since it includes so many patches, the update is highly recommended to everyone running iOS 7. Also worth noting is that the Pangu jailbreak still works with this new firmware, according to reports.