iOS 5.1.1 closes iPhone holes
Apple has released an iOS 5.1.1 update which closes four security holes in the iPhone and iPad operating system. Among the flaws is a WebKit problem which could allow a maliciously crafted web site to crash applications or execute arbitrary code to take control of the device.
The memory corruption flaw, discovered by the Google Chrome Security Team, affects iPhone 3GS, iPhone 4 and 4s, third generation and later iPod Touch and the iPad and iPad 2. Another pair of flaws, one of which was used in Google's Pwnium contest by discoverer Sergey Glazunov, allowed the staging of a cross-site scripting attack. The final flaw was a URL spoofing problem which allowed illegitimate domains to visually appear in the address bar as legitimate sites.
The 5.1.1 update also corrects a number of non-security problems, with more reliable HDR photography options for the lock screen camera, better 2G/3G network switching on the new iPad, fixes for Airplay video playback and Safari syncing and a permanent fix to a problem which made the iTunes store announce "Unable to purchase" after a successful purchase.
The update to 5.1.1 is available via iTunes for iPhones and iPads that have not upgraded to iOS 5. iOS 5.x devices can update over the air by selecting Settings ➤ General ➤ Software Update.