Mobile devices are becoming smarter and more convenient. The problem with that is they become targets. And now that your data is mobile, theft is an issue. But there is a more insiduous theft that can happen. That’s because it can happen while you are holding the device and not even know the theft happened.
Here is the rolldown on the vulnerabilities – there are a lot:
- Coregraphics and ImageIO vulnerabilities that can lead to a compromised system.
- Exchange server certs that can be accepted without prompting, leading to credential theft.
- International Components for Unicode allows security bypassing.
- libxml2 and IPSec vulnerabilities that can allow a denial of service attack
- Problem in mail can cause an uninitiated phone call “if an application causes an alert during the call approval dialog.”
- Vulnerabilities in the Webkit allow Cross-site scripting attacks and system take over.