- Fukushima Report: Robot Lifts Melted Fuel
- TÜV, Nozomi Ink Partnership Pact
- Pangea Patches Bypass Vulnerability
- Fuji Fixes FRENIC Devices
- ARC: Safety and Profitability Work Together
- Public Needs to Know About Chem Releases: Judge
- Robot Testing Radioactive Fuel at Fukushima
- Siemens Fixes CP1604, CP1616 Holes
- Siemens has Upgrade for Intel AMT
- Siemens Fixes Hole in SIMATIC S7-300 CPU
- Siemens has Licensing Software Fix for SICAM 230
- Siemens Fixes Ethernet Communication Module, Relays
- OSIsoft has Update for PI Vision Hole
- First Responders Test Technology
- Manufacturing Targeted in Hack Attack
- Siemens Fixes SICAM A8000 RTU Series Hole
Chemical Safety Incidents
Apple Updates iOS
Tuesday, January 29, 2013 @ 05:01 PM gHale
Apple fixed dozens of security vulnerabilities in iOS with the release of version 6.1, including a serious flaw in the kernel and a number of bugs in the WebKit framework.
In addition, the company also revoked trust in the bad TurkTrust certificates discovered late last year.
RELATED STORIES
App on iPhone Insecure
Apple iOS 6, Safari Security Fixes
Apple Updates Java for Older Macs
Apple ID Phishing Scam
One of the key vulnerabilities fixed in iOS 6.1 is in the operating system’s kernel which could enable an attacker to access kernel memory. Mark Dowd of Azimuth Security was the first to find the vulnerability.
“The iOS kernel has checks to validate that the user-mode pointer and length passed to the copyin and copyout functions would not result in a user-mode process being able to directly access kernel memory,” said the Apple advisory. “The checks were not being used if the length was smaller than one page. This issue was addressed through additional validation of the arguments to copyin and copyout,” the advisory said.
In addition to the kernel bug and the revocation of trust in the TurkTrust certificates, Apple also patched more than 20 flaws in the WebKit framework. The majority of those vulnerabilities are memory-corruption bugs, but there also are patches for two cross-site scripting flaws included in iOS 6.1. Many of the WebKit vulnerabilities came from the Google Chrome security team.
Leave a Reply
You must be logged in to post a comment.