Apple Reveals Security Fixes In iOS 5.1.1

iOS 5.1.1

After releasing iOS 5.1.1 update for the iPhone, iPad, and iPod Touch, Apple has finally decided to update its support webpage regarding the new software’s security tweaks which include one Safari browser and two WebKit fixes.

The new iOS update released various bug fixes including HDR reliability, network switching, as well as AirPlay video playback bugs. However, it failed to specify what security tweaks had been added. The refresh from the security page informs that Apple has taken care of the previously discovered custom URL spoofing exploit as well as information about two WebKit fixes.

The security fixes (from the updated support page) are as follows:

iOS 5.1.1 Software Update

Safari

Available for: iPhone 3GS, iPhone 4, iPhone 4S, iPod touch (3rd generation) and later, iPad, iPad 2

Impact: A maliciously crafted website may be able to spoof the address in the location bar

Description: A URL spoofing issue existed in Safari. This could be used in a malicious web site to direct the user to a spoofed site that visually appeared to be a legitimate domain. This issue is addressed through improved URL handling. This issue does not affect OS X systems.

CVE-ID

CVE-2012-0674 : David Vieira-Kurz of MajorSecurity (majorsecurity.net)

WebKit

Available for: iPhone 3GS, iPhone 4, iPhone 4S, iPod touch (3rd generation) and later, iPad, iPad 2

Impact: Visiting a maliciously crafted website may lead to a cross-site scripting attack

Description: Multiple cross-site scripting issues existed in WebKit.

CVE-ID

CVE-2011-3046 : Sergey Glazunov working with Google’s Pwnium contest

CVE-2011-3056 : Sergey Glazunov

WebKit

Available for: iPhone 3GS, iPhone 4, iPhone 4S, iPod touch (3rd generation) and later, iPad, iPad 2

Impact: Visiting a maliciously crafted website may lead to an unexpected application termination or arbitrary code execution

Description: A memory corruption issue existed in WebKit.

CVE-ID

CVE-2012-0672 : Adam Barth and Abhishek Arya of the Google Chrome Security Team

However, MuscleNerd has tweeted that jailbreakers should stay away from the new update. Thus, if you want to keep a jailbroken iOS device, better refrain from updating to iOS 5.1.1.

Source: Modmyi

Image Source

Written by

The author didnt add any Information to his profile yet