Apple's iOS 5.1.1 Patches Serious Security Flaws
The update patches several vulnerabilities, including one that could lead to remote code execution.
Apple recently released version 5.1.1 of iOS for the iPhone, iPad and iPod touch, patching several vulnerabilities.
"The highest severity vulnerability that's fixed in iOS 5.1.1 is a WebKit flaw that can lead to remote code execution or an application crashing," writes Threatpost's Dennis Fisher. "In order to trigger that vulnerability, a user would need to visit a Web site with a maliciously crafted URL, which is a common attack tactic via phishing emails and URL redirections."
"A second flaw is a WebKit cross-site scripting issue in which 'visiting a maliciously crafted website may lead to a cross-site scripting attack,' Apple explained," Infosecurity reports. "The company acknowledged Sergey Glazunov working with Google's Pwnium contest for finding the flaw."
"The final flaw was a URL spoofing problem which allowed illegitimate domains to visually appear in the address bar as legitimate sites," The H Security reports.
"It’s important for iOS device owners to install this update as soon as possible," writes Forbes' Adrian Kingsley-Hughes. "Now that the updated code is available, the hackers will get to work reverse-engineering it so they can figure out how the vulnerabilities worked so they can make use of that information and target people who haven’t applied the update."