iPhone Security Holes Patched

Wednesday, May 9, 2012 @ 02:05 PM gHale


Apple released an iOS 5.1.1 update that closes four security holes in the iPhone and iPad operating system.

Among the flaws is a WebKit problem that could allow a maliciously crafted web site to crash applications or execute arbitrary code to take control of the device.

RELATED STORIES
Hacked Sites Load up for Android
Beware: TigerBot can Control Android
Cyber Report: Attacks on Rise
Treason Bug Hacks into iPhones

The memory corruption flaw, discovered by the Google Chrome Security Team, affects iPhone 3GS, iPhone 4 and 4s, third generation and later iPod Touch and the iPad and iPad 2.

Another pair of flaws, one used in Google’s Pwnium contest by Sergey Glazunov, allowed the staging of a cross-site scripting attack. The final flaw was a URL spoofing problem which allowed illegitimate domains to visually appear in the address bar as legitimate sites.

The 5.1.1 update also corrects a number of non-security problems, with more reliable HDR photography options for the lock screen camera, better 2G/3G network switching on the new iPad, fixes for Airplay video playback and Safari syncing and a permanent fix to a problem that made the iTunes store say “Unable to purchase” after a successful purchase.

The update to 5.1.1 is available via iTunes for iPhones and iPads that have not upgraded to iOS 5. iOS 5.x devices can update over the air by selecting Settings ➤ General ➤ Software Update.



Leave a Reply

You must be logged in to post a comment.