In association with heise online

29 January 2013, 12:19

iOS update fixes browser vulnerabilities

The latest iOS update fixes a whole range of security vulnerabilities, around 20 of which permitted remote code injection and execution. Apple has also belatedly revoked the compromised Türktrust certificates.

Most of the vulnerabilities were in WebKit, which forms the basis for iOS's Safari browser. A bug has also been fixed which allowed JavaScript to be enabled without user interaction when the device displayed one of Apple's "Smart App Banners", even after the user had disabled JavaScript. Apple has also removed a vulnerability in the iOS 6 kernel previously publicly demonstrated by Mark Dowd.

Although the updates fix a large number of extremely critical security vulnerabilities, there is no need to panic – to date there has not been a single known case of such a security vulnerability being exploited to compromise an iPhone or iPad. Although the theoretical possibility has been demonstrated (by programs such as Jailbreakme), the difficulty involved in doing so has clearly deterred would-be fraudsters.

Apple also released an update for the Apple TV, 5.1.1, which fixes the same kernel vulnerability as iOS and a problem with JavaScript array checking.

