In association with heise online

02 November 2012, 10:56

Apple releases iOS 6 and Safari security updates

  • Twitter
  • Facebook
  • submit to slashdot
  • StumbleUpon
  • submit to reddit

Apple security icon Apple has released updates for iOS 6 which include security fixes. The iOS 6.0.1 update includes security fixes for the kernel, passcode locking and WebKit. The WebKit issues were also fixed in an update of the Safari web browser for Mac OS X.

The kernel flaw allowed maliciously crafted applications to bypass the ASLR (Address Space Layout Randomisation) system and discover kernel addresses. The passcode lock problem allowed anyone with physical access to a device to gain access to the new Passbook application's passes which could have included tickets, boarding passes or vouchers.

The two WebKit holes both opened up the possibility of a malicious web site either terminating the application or running arbitrary code; one involved the checking of JavaScript arrays and the other was a use-after-free issue with SVG images. The latter flaw was reported by Pinkie Pie as part of the Pwnium 2 contest.

The iOS 6.0.1 software update also includes fixes for the iPhone 5 to allow it to install over the air updates and to make it work better with WPA2 Wi-Fi networks. There are also corrections for bugs which flashed horizontal lines over the keyboard and stopped the camera flash going off.

The two WebKit issues were also the only issues apparently fixed in the Safari 6.0.2 update. Safari 6.0.2 is available through Software Update for Mac OS X 10.7 Lion and the Mac App Store for Mac OS X 10.8 Mountain Lion.


Print Version | Send by email | Permalink:

  • July's Community Calendar

The H Open

The H Security

The H Developer

The H Internet Toolkit