Related Stories

Top 5 Stories


Apple patches close to 100 security holes with iOS 5 update

12 October 2011

Apple has released its next-generation mobile operating system, iOS 5, which includes over 200 new features and close to 100 security fixes.

The new iOS 5 patches 96 vulnerabilities, including 69 security fixes for WebKit, including patches for vulnerabilities related to memory corruption issues that could lead to arbitrary code execution, cross-origin issues that could result in a cross-site scripting attack, a URL spoofing issue that could cause a different URL being shown in the address bar, a configuration issue related to the use of libxslt that could lead to arbitrary code execution, and a number of other WebKit issues and associated vulnerabilities.

The new mobile operating system also patches a vulnerability in Apple's Safari web browser, which could result in a cross-site scripting attack after opening malicious files on certain websites.

In addition, one of the patches includes the already announced fix for the fraudulent DigiNotar certificates. Apple has removed DigiNotar from the list of trusted root certificates and the list of extended validation certificate authorities, and has configured the default system trust settings so that DigiNotar’s certificates are not trusted.

In addition to the security updates, the iOS 5 includes a revamped notification center; iMessage service for sending free text, photo, and video messages between iOS devices; Newsstand, for organizing iOS magazine subscriptions; built-in location-aware Reminders app; system-wide Twitter integration; updates to the Camera app; the PC Free ability to setup and sync iOS devices without needing to connect them to the Mac; and many other features.

In addition, Apple released its iTunes 10.5, which includes patches for a number of Windows-specific security flaws, including a slew of vulnerabilities in Web Kit.

This article is featured in:
Application Security  •  Internet and Network Security  •  Malware and Hardware Security  •  Wireless and Mobile Security


Comment on this article

You must be registered and logged in to leave a comment about this article.

We use cookies to operate this website and to improve its usability. Full details of what cookies are, why we use them and how you can manage them can be found by reading our Privacy & Cookies page. Please note that by using this site you are consenting to the use of cookies. ×