Top 5 Stories


Apple unveils iOS 5.1 with over 80 security fixes

08 March 2012

Apple has unveiled iOS 5.1, the latest version of its mobile operating system, with fixes for over 80 vulnerabilities.

Most of the plugged vulnerabilities involve the WebKit framework used to render web pages in Safari and other applications. Apple warned that visiting a malicious website could lead to a “cross-site scripting attack”, an “unexpected application termination”, or “arbitrary code execution”, according to a security advisory.

A number of screen lock bypass issues were fixed, including a race condition issue in the handling of slide to dial gestures. “This may allow a person with physical access to the device to bypass the passcode lock screen”, Apple warned. The passcode lock flaw was discovered by Roland Kohler of the German Federal Ministry of Economics and Technology. In addition, a Siri screen lock flaw could allow an “attacker with physical access to a locked phone” to “get access to frontmost email message.”

Other flaws fixed include an issue with CFNetwork that could result in “disclosure of sensitive information” after visiting malicious websites, a problem with HFS in which “mounting a maliciously crafted disk image may lead to a device shutdown or arbitrary code execution”, a logic issue in which a malicious program could bypass sandbox restrictions, and a format string vulnerability in VPN that could enable a maliciously crafted system configuration file to result in arbitrary code execution with system privileges.

Only a few hours after Apple released iOS 5.1, the iPhone Dev Team announced that it had updated the redsn0w jailbreak tool so that it “supports a tethered 5.1 jailbreak.”

This article is featured in:
Application Security  •  Internet and Network Security  •  Malware and Hardware Security  •  Wireless and Mobile Security


Comment on this article

You must be registered and logged in to leave a comment about this article.

We use cookies to operate this website and to improve its usability. Full details of what cookies are, why we use them and how you can manage them can be found by reading our Privacy & Cookies page. Please note that by using this site you are consenting to the use of cookies. ×