Apple Closes iPhone, iPad holes

Tuesday, November 15, 2011 @ 10:11 PM gHale


With Apple getting more play in the automation sector either through its smartphone or its iPad, it it is worth reporting the company just released iOS 5.0.1 – an update to October’s publication of iOS 5.0 for iPhones and iPads.

The update includes fixes for two major security holes discovered since the release. One researcher revealed he was able to run unsigned code on Apple’s devices by exploiting a flaw in versions of iOS 4.3 and later.

RELATED STORIES
Chrome Update Fills in Holes
Adobe Patches 12 Critical Flash Holes
Firefox 8 Patches 8 Bugs
Zeus Now Using Autorun
Old Becomes New: DLL Loading is Back

That flaw, a logic error in the kernel’s mmap system call and its checking of flags, is now fine. Exploitation of the flaw could allow an attacker to inject unsigned code into a maliciously crafted signed application, bypassing many of Apple’s security restrictions.

The problem with the iPad 2’s Smart Cover and iOS 5.0 which could allow an attacker to bypass the passcode lock. Among the other issues resolved in the update are two flaws which said to “lead to the disclosure of sensitive information”: One in CFNetwork’s handling of URLs and the other in the handling of DNS lookups. Apple also configured the default trust system for certificates to no longer trust DigiCert Malaysia’s certificates after they discovered they were weak and incorrectly formed.

The iOS update also addresses a number of non-security issues including fixing bugs which reduced battery life.

The update is also the first iOS update to be available OTA (Over The Air). iPhone and iPad users with iOS 5.0 on their device can select Settings ➤ General ➤ Software Update and follow the instructions there. They can also use iTunes on their desktop computer to install the update when they synchronize the device, as can users who have not yet installed iOS 5.



Leave a Reply

You must be logged in to post a comment.