Apple iOS 9 packs huge set of security patches

Apple's latest version of its iOS mobile operating system comes with many new features, but also a large amount of security patches to plug vulnerabilities with varying degrees of severity.

No fewer than 98 common vulnerability and exposures database listed bugs (CVEs) have been patched in iOS 9, found by both Apple and security researchers.

In comparison, the previous iOS 8.4 took care of 34 CVEs.

iOS 9 sorts out a flaw in the AirDrop wireless file sharing feature that could be abused to plant malware on user devices in range of attacks - even when the files in question were rejected by users.

The AirDrop flaw was discovered by Australian security researcher Mark Dowd of Azimuth Security.

Information in apps is better protected in iOS 9, preventing other developers from scanning programs installed on iPhones and iPads to glean information on users and apps.

The JavaScriptCore in the WebKit page rendering platform contained memory corruption issues that meant malicious websites could arbitrarily execute code on users' devices; six CVEs covering JavaScriptCore were addressed by Apple.

In total, some 30 remotely exploitable vulnerabilities were fixed in JavaScriptCore and Webkit.

Apple also shored up SSL/TLS authentication and security of internet traffic, sorting out an issue that meant it was possible to listen in on encrypted communications due to a bug in digital certificate handling in iOS.

A number of spoofing issues that could be used to trick users into thinking they were visiting legitimate sites was also dealt with, and it's no longer possible in iOS 9 to exploit a flaw that allowed attackers to send a bogus email that appeared as though it came from a contact in the address book.

Additionally, the security code to lock devices has been lengthened to six digits from four in iOS 9, making it substantially harder to guess the sequence of numbers.