Apple closes iPhone keysigning hole
Apple have released iOS 5.0.1 – an update to October's release of iOS 5.0 for iPhones and iPads – which includes fixes for two major security holes discovered since that release. Charlie Miller recently revealed that he was able to run unsigned code on Apple's devices by exploiting a flaw present in iOS 4.3 and later. That flaw, a logic error in the kernel's mmap system call and its checking of flags, has now been corrected. Exploitation of the flaw could have allowed an attacker to inject unsigned code into a maliciously crafted signed application, bypassing many of Apple's security restrictions.
The problem with the iPad 2's Smart Cover and iOS 5.0 which allowed the passcode lock to be bypassed has also been fixed. Among the other issues resolved in the update are two flaws which are said to "lead to the disclosure of sensitive information": one in CFNetwork's handling of URLs and the other in the handling of DNS lookups. Apple has also configured the default trust system for certificates to no longer trust DigiCert Malaysia's certificates after they were found to be weak and incorrectly formed.
The iOS update also addresses a number of non-security issues including fixing bugs which reduced battery life. The update is also the first iOS update to be available OTA (Over The Air). iPhone and iPad users with iOS 5.0 on their device can select Settings ➤ General ➤ Software Update and follow the instructions there. They can also use iTunes on their desktop computer to install the update when they synchronise the device, as can users who have not yet installed iOS 5.
- About the security content of iOS 5.0.1 Software Update, Apple security advisory.