Pages

Kamis, 17 Mei 2012

Apple updates iOS to 5.1.1 with vulnerability fixes


Takeaway: Wil Limoges details what is in the latest iOS update 5.1.1 and recommends that users update immediately to close some big security holes.
Apple this week has updated iOS from 5.1 to 5.1.1. The update brings several improvements and bug fixes including:
  • the reliability of using HDR options for photos taken when using the Lock Screen shortcut
  • addresses a network switching issue between 2G and 3G networks for some iPads
  • fixes a bug that affects AirPlay video playback
  • improved Safari bookmark and Reading List syncing
  • fixes an alert issue caused when purchasing Apps.
You can read about the updates here.
Additionally, Apple has updated it’s knowledge base article, found here, to reflect some additional security flaws that is addressed by the 5.1.1 update, which should be considered very serious. The security updates that iOS received addresses three issues dealing with Safari and WebKit, all of which can leave a user vulnerable to scammers and phishing sites.

iOS 5.1.1 software security update summary

The first of the three is a vulnerability dealing with the way that Safari handles URLs. The flaw allows malicious sites to spoof the URL of the site that a user is visiting, allowing it to appear as though they are safely browsing the intended webpage.
The second is a vulnerability that can allow certain scripts to be injected into a page as though it had been living there all along. The unsuspecting user could interact with the script invoking a myriad of unwanted attacks on the user.
The third security exploit called an RCE, or remote code execution vulnerability, can be used to crash Safari causing Safari to invoke a script that could potentially be run at lower levels then intended, potentially crippling the OS.
Each of these are again very serious threats to iOS users and I highly recommend that any devices currently running iOS 5.1 be updated to 5.1.1.

Related Apple Security news to know

ZDNet: Apple security blunder exposes Lion login passwords in clear textEmil Protalinski reported that with the latest Lion security update, Mac OS X 10.7.3, Apple has accidentally turned on a debug log file outside of the encrypted area that stores the user’s password in clear text:
Anyone who used FileVault encryption on their Mac prior to Lion, upgraded to Lion, but kept the folders encrypted using the legacy version of FileVault is vulnerable. FileVault 2 (whole disk encryption) is unaffected.
ZDNetApple releases OS X 10.7.4 addressing password security vulnerability 
Apple has released OS X Lion 10.7.4. The update includes performance improvements as well as a bunch of fixes, including the FileVault bug that was recently widely covered across the Web.