Apple iOS Update Patches Security Flaws
The vulnerabilities could provide an attacker with access to the Passbook app, and could enable arbitrary code execution.
Apple recently released iOS 6.0.1, patching four security vulnerabilities.
"The most serious seems to be a kernel flaw discovered by researcher Mark Dowd of Azimuth Security and Eric Monti of Square that affects iPhone 3GS and later, as well iPod Touch and iPad2 and later," writes Threatpost's Michael Mimoso. "An attacker exploiting the vulnerability could essentially bypass address space randomization layout (ASLR) protections using a malicious application, and could determine addresses in the kernel, Apple’s advisory said. The researchers said the vulnerability, which could expose data to an attacker, occurs in the way iOS handles application programming interfaces in relation to kernel extensions."
"There was also a Passcode bypass flaw, which could have allowed hackers to gain access to the Passbook app, which lets users store passes for things such as flights or cinema tickets," writes TechWeekEurope's Tom Brewster. "The vulnerability would have let a determined cyber crook break into the app even when a device is locked."
"The iOS 6.0.1 software update also includes fixes for the iPhone 5 to allow it to install over the air updates and to make it work better with WPA2 Wi-Fi networks," The H Security reports. "There are also corrections for bugs which flashed horizontal lines over the keyboard and stopped the camera flash going off."