Apple recently released version 5.1.1 of iOS for the iPhone, iPad and iPod touch, patching several vulnerabilities.
"The highest severity vulnerability that's fixed in iOS 5.1.1 is a WebKit flaw that can lead to remote code execution or an application crashing," writes Threatpost's Dennis Fisher. "In order to trigger that vulnerability, a user would need to visit a Web site with a maliciously crafted URL, which is a common attack tactic via phishing emails and URL redirections."
"A second flaw is a WebKit cross-site scripting issue in which 'visiting a maliciously crafted website may lead to a cross-site scripting attack,' Apple explained," Infosecurity reports. "The company acknowledged Sergey Glazunov working with Google's Pwnium contest for finding the flaw."
"The final flaw was a URL spoofing problem which allowed illegitimate domains to visually appear in the address bar as legitimate sites," The H Security reports.
"It’s important for iOS device owners to install this update as soon as possible," writes Forbes' Adrian Kingsley-Hughes. "Now that the updated code is available, the hackers will get to work reverse-engineering it so they can figure out how the vulnerabilities worked so they can make use of that information and target people who haven’t applied the update."