Apple iOS 5.1 patches 81 vulnerabilities
Alongside its ‘new iPad’ release, Apple Inc. releases iOS 5.1, the latest version of its mobile computing platform with fixes for 81 security holes.
Apple’s latest iOS platform update (iOS version 5.1) includes patches for over 81 bugs. Majority of these bugs are in iOS’ WebKit framework, and are described as ‘memory corruption issues’ by Apple. Apple has issued CVE identifiers for all these vulnerabilities. The iOS platform’s present iteration (iOS 5.0) runs on iPhone 3GS, 4, 4S, iPad, iPad 2 and the third generation iPod touch.
A total of 69 bugs have been fixed in the WebKit framework. This includes 62 memory corruption bugs, five multiple cross-origin bugs and two cross-origin bugs pertaining to content drag-and-drop as well as cookies. Other bug-fixes include patches to the inbuilt VPN (which addresses a format string vulnerability that could cause arbitrary code execution), as well as updates to Safari, Siri and the iOS kernel.
Several passcode lock bypass issues in iOS 5.0 have also been addressed, mitigating an issue that could allow a person with physical access to the device to bypass the screen lock. Issues in libresolv, handling of HFS catalogue files and CFNetwork modules have also been patched, which according to Apple could otherwise lead to the ‘disclosure of sensitive information through a maliciously crafted website,’.
A complete list of changes can be found at this Apple security advisory. This update is available over the air or via iTunes, which has also seen an update to v10.6 to avoid man-in-the-middle attack scenarios while accessing the Apple App store. The iOS 5.1 update can be found here, and you can get information on updating your specific Apple device here.