Everyone is talking about the new features delivered in the latest software updates from Apple, and with the new iPad on the scene, it’s hardly a surprise that the security side of these updates has been somewhat overlooked.
Fear not. We’re eager to discuss the latest patches included in iOS 5.1, iTunes 10.6, and the new Apple TV 5.0 software, now that everyone has calmed down a bit.
iOS 5.1 brings, by far, the most plugs for the latest vulnerabilities discovered in Apple’s mobile operating system powering iPhones, iPads, and iPod touch players everywhere.
Around 12 different holes are specifically mentioned in Apple’s support document detailing the security content of iOS 5.1. However, as the advisory shows, there are over 80 security issues addressed in total - most of which affected WebKit, Apple’s layout engine designed to allow web browsers to render web pages.
Affecting iPhone 3GS, iPhone 4, iPhone 4S, iPod touch (3rd generation) and later, the original iPad, as well as the iPad 2, multiple memory corruption issues that existed in WebKit could lead to an unexpected application termination or arbitrary code execution by visiting a maliciously crafted website.
With the help of numerous security researchers, as well as its own techies, Apple plugged these holes once and for all. But don’t fret. That doesn’t mean there won’t be any new ones in the future.
Now that you know all this, perhaps you’ll consider updating sooner rather than later. Of course, if you’re an avid jailbreak fan, you’ll find yourself between a rock and a hard place.
As you’ll recall, the iPhone Dev Team has warned jailbreakers to stay away from the stock iOS 5.1 firmware, should they wish to keep their ability to jailbreak and / or unlock their devices in the future.
Moving on to the security content of iTunes 10.6, Apple lists roughly the same WebKit vulnerabilities. WebKit is actually at the heart of iTunes - it’s used to display every app icon and album artwork you see in the iTunes Store.
However, the impact of those memory corruption issues is slightly different on Mac and Windows computers. Per Apple’s advisory…:
“A man-in-the-middle attack while browsing the iTunes Store via iTunes may lead to an unexpected application termination or arbitrary code execution.”
Finally, Apple TV Software 5.0 patches a single vulnerability tracked down by Ilja van Sprundel of IOActive.
According to Apple’s security note, Sprundel discovered that “an integer overflow existed in the handling of DNS resource records, which may lead to heap memory corruption.”
Should the user keep the Apple TV software below 5.0, this end scenario could potentially arise: “Applications that use the libresolv library may be vulnerable to an unexpected application termination or arbitrary code execution.”
0 comments:
Post a Comment