Apple iOS 7.04 Fixes App Store Purchase Flaw

2013-11-15T07:26:40
ID THREATPOST:3AF5E4B4C9953502C6F4C4C00DF9BB8A
Type threatpost
Reporter Dennis Fisher
Modified 2013-11-15T12:26:40

Description

Apple has released a new fix for iOS 7–no, it doesn’t roll your phone back to iOS 6–that patches a vulnerability that enabled a user to make app or in-app purchases without needing to enter a password.

The release of iOS 7.04 marks the third update of the iPhone operating system in the short time since Apple pushed out iOS 7 in September. The new OS represented a major change from the older operating systems, both in the look and feel of the software and in its functionality. There’s much zooming in and out and all about in iOS 7, as well as a blurry background that has drawn quite a bit of criticism.

iOs 7 also was a major security release, fixing issues with the iPhone’s certificate trust policy as well as remote code-execution vulnerabilities in the CoreGraphics and CoreMedia components. Quickly following the release of iOS 7 researchers discovered a method for bypassing the passcode lock on the iPhone using two different methods. Apple ended up fixing those in point releases in October.

Now, the company has pushed out another patch for iOS 7, this one with a single security fix.

“A signed-in user may be able to complete a transaction without providing a password when prompted. This issue was addressed by additional enforcement of purchase authorization,” the Apple advisory says.

To update, iPhone users can go to their Settings and install the software update.

Image from Flickr photos of Klaus.