Our website uses cookies

Cookies enable us to provide the best experience possible and help us understand how visitors use our website. By browsing Infosecurity Magazine, you agree to our use of cookies.

Okay, I understand Learn more

Apple patches multiple security holes in iOS 5

As reported previously, serial Apple Mac cracker Charlie Miller has tapped a feature of Apple's portable operating system and created a proof-of-concept iPhone/iPad app that allows almost complete remote access to the device.

The gameplan was for former NSA analyst Charlie Miller – who has reportedly been ejected from the Apple developer corps for his trouble – to detail his findings at the SysCan security event in Taiwan this week.

The ticker app – which was removed from iTunes as news of Miller’s discovery broke earlier in the month - behaves like a remote access trojan (RAT).

Last Thursday saw iTunes users auto-offered an update to iOS5 that fixes a number of security issues.

According to Kaspersky Lab's ThreatPost newswire, Miller’s discovery centred on a logic error in the memory map system call's validation `memory flag’ combinations that effectively allowed applications to bypass Apple’s code-signing checks.

“The patch on Thursday also fixed another widely publicized iPad passcode flaw linked to the attached Smart Cover. That security hole allowed users access to the content of a given device without first requiring them to enter a passcode”, says the newswire.

Other problems solved with the patch for potentially malformed URLs and a memory issue with CoreGraphics' FreeType that could – in certain circumstances – allow malware on to the Apple portable device.

ThreatPost also reports that the iOS 5 updated revoked DigiCert Malaysia’s trusted root certificate status and solved a flaw in libinfo that could lead to the disclosure of sensitive information when visiting a maliciously crafted website.

What’s Hot on Infosecurity Magazine?