Apple iOS 6, Safari Security Fixes

Monday, November 5, 2012 @ 04:11 PM gHale


Apple released updates for iOS 6 which include security fixes.

The iOS 6.0.1 update includes security fixes for the kernel, passcode locking and WebKit. The WebKit issues also ended up fixed in an update of the Safari web browser for Mac OS X.

RELATED STORIES
Apple Updates Java for Older Macs
Apple ID Phishing Scam
Weak Crypto Keys Fixed
Windows Help Files an Attack Vector

The kernel flaw allowed maliciously crafted applications to bypass the ASLR (Address Space Layout Randomization) system and discover kernel addresses. The passcode lock problem allowed anyone with physical access to a device to gain access to the new Passbook application’s passes which could have included tickets, boarding passes or vouchers.

The two WebKit holes both opened up the possibility of a malicious web site either terminating the application or running arbitrary code; one involved the checking of JavaScript arrays and the other was a use-after-free issue with SVG images. Pinkie Pie reported the latter flaw as part of the Pwnium 2 contest.

The iOS 6.0.1 software update also includes fixes for the iPhone 5 to allow it to install over the air updates and to make it work better with WPA2 Wi-Fi networks. There are also corrections for bugs which flashed horizontal lines over the keyboard and stopped the camera flash going off.

The two WebKit issues were also the only issues apparently fixed in the Safari 6.0.2 update. Safari 6.0.2 is available through Software Update for Mac OS X 10.7 Lion and the Mac App Store for Mac OS X 10.8 Mountain Lion.



Leave a Reply

You must be logged in to post a comment.