In addition to debuting their highly anticipated new watches yesterday, Apple released security patches to address critical flaws in iOS 8.2 and OS X iCloud. Among other fixes, Apple patched a man-in-the-middle vulnerability (CVE-2015-1065) and credited its discovery to NowSecure researcher Andrey Belenko. Devices potentially affected included the iPhone 4s and later, iPod touch (5th generation) and later, and the iPad 2 and later. RBack in 2013, when iOS 7 betas were released I started to research a new feature called iCloud Keychain,S said Belenko. RThe flaw I discovered was a pretty standard stack based overflow that could theoretically allow an attacker to perform remote code execution.S The bug was an iCloud Keychain service/daemon called Rcom.apple.lakituS responsible for recovering iCloud Keychain. Belenko added that remote code execution was unlikely to be accomplished in practice because it depended on a number of preconditions (such as the attacker obtaining a man-in-the-middle position) and because of security mitigations on the devices themselves. ROur mission is to advance mobile security worldwide,S said NowSecure CEO and co-founder Andrew Hoog. RAs part of that, our research team performs security testing to identify security vulnerabilities that may result in data loss, and then responsibly discloses our findings to vendors. WeUre pleased Apple took action to fix this flaw and appreciate them acknowledging our work in the release.S You can visit Apple Support for more information on the security updates included in the iOS 8.2 release.
VP Marketing at NowSecure
Jeff leads the marketing team at NowSecure. With a diverse background in venture capital and operating roles at Ping Identity, Knurld, and Get Satisfaction, Jeff is well-prepared to handle the challenges of team building and scaling growth in complex B2B enterprise software markets. Creative and innovative, Jeff's enthusiasm is as contagious as his unwavering belief in technology as a force for positive change.