Related Stories

  • Fake iTunes updates demolish the idea that Apple iOS is secure
    The long-held belief that the Apple iOS platform is inherently secure due to Apple’s walled garden approach to software has been holed once again, this time by a security firm that has developed a method of sending Fake iTunes and Flash updates to iPhone and iPad users.
  • Five reasons not to jailbreak your iPhone
    As crackers are reported to be making inroads into jailbreaking iOS5, the new version of the iPhone and iPad’s portable operating system, a leading smartphone and tablet commuting expert has argued in favor of not unlatching/unblocking the Apple iPhone.
  • Apple patches multiple security holes in iOS 5
    Apple has issued an update to iOS 5 - its operating system for smartphones and tablet computers – solving a number of problems, including battery-draining issues and a 'feature’ that could be used by cybercriminals to sneak compromised apps on to the iTunes app portal.
  • Apple admits iPhone battery issues are down to iOS 5
    After swathes of reports from iPhone users complaining about poor battery life on their shiny new smartphones, Apple has admitted that there is a problem with iOS 5, the new operating system for its portable devices that was released last month.
  • Apple iOS5 generates “unprecedented” increase in BT's broadband network usage
    In the wake of Apple's release of iOS5 – the significantly updated operating system for its portable devices, including the iPhone – BT has revealed that much of the UK's broadband network, which services most ISPs in the UK, saw "unprecedented" levels of data usage in the days following the operating systems' release.

Top 5 Stories


Apple unveils iOS 5.1 with over 80 security fixes

08 March 2012

Apple has unveiled iOS 5.1, the latest version of its mobile operating system, with fixes for over 80 vulnerabilities.

Most of the plugged vulnerabilities involve the WebKit framework used to render web pages in Safari and other applications. Apple warned that visiting a malicious website could lead to a “cross-site scripting attack”, an “unexpected application termination”, or “arbitrary code execution”, according to a security advisory.

A number of screen lock bypass issues were fixed, including a race condition issue in the handling of slide to dial gestures. “This may allow a person with physical access to the device to bypass the passcode lock screen”, Apple warned. The passcode lock flaw was discovered by Roland Kohler of the German Federal Ministry of Economics and Technology. In addition, a Siri screen lock flaw could allow an “attacker with physical access to a locked phone” to “get access to frontmost email message.”

Other flaws fixed include an issue with CFNetwork that could result in “disclosure of sensitive information” after visiting malicious websites, a problem with HFS in which “mounting a maliciously crafted disk image may lead to a device shutdown or arbitrary code execution”, a logic issue in which a malicious program could bypass sandbox restrictions, and a format string vulnerability in VPN that could enable a maliciously crafted system configuration file to result in arbitrary code execution with system privileges.

Only a few hours after Apple released iOS 5.1, the iPhone Dev Team announced that it had updated the redsn0w jailbreak tool so that it “supports a tethered 5.1 jailbreak.”

This article is featured in:
Application Security  •  Internet and Network Security  •  Malware and Hardware Security  •  Wireless and Mobile Security


Comment on this article

You must be registered and logged in to leave a comment about this article.

We use cookies to operate this website and to improve its usability. Full details of what cookies are, why we use them and how you can manage them can be found by reading our Privacy & Cookies page. Please note that by using this site you are consenting to the use of cookies. ×