Apple patches close to 100 security holes with iOS 5 update

The new iOS 5 patches 96 vulnerabilities, including 69 security fixes for WebKit, including patches for vulnerabilities related to memory corruption issues that could lead to arbitrary code execution, cross-origin issues that could result in a cross-site scripting attack, a URL spoofing issue that could cause a different URL being shown in the address bar, a configuration issue related to the use of libxslt that could lead to arbitrary code execution, and a number of other WebKit issues and associated vulnerabilities.

The new mobile operating system also patches a vulnerability in Apple's Safari web browser, which could result in a cross-site scripting attack after opening malicious files on certain websites.

In addition, one of the patches includes the already announced fix for the fraudulent DigiNotar certificates. Apple has removed DigiNotar from the list of trusted root certificates and the list of extended validation certificate authorities, and has configured the default system trust settings so that DigiNotar’s certificates are not trusted.

In addition to the security updates, the iOS 5 includes a revamped notification center; iMessage service for sending free text, photo, and video messages between iOS devices; Newsstand, for organizing iOS magazine subscriptions; built-in location-aware Reminders app; system-wide Twitter integration; updates to the Camera app; the PC Free ability to setup and sync iOS devices without needing to connect them to the Mac; and many other features.

In addition, Apple released its iTunes 10.5, which includes patches for a number of Windows-specific security flaws, including a slew of vulnerabilities in Web Kit.

What’s hot on Infosecurity Magazine?