Apple iOS Update Patches Security Flaws


Apple recently released iOS 6.0.1, patching four security vulnerabilities.

"The most serious seems to be a kernel flaw discovered by researcher Mark Dowd of Azimuth Security and Eric Monti of Square that affects iPhone 3GS and later, as well iPod Touch and iPad2 and later," writes Threatpost's Michael Mimoso. "An attacker exploiting the vulnerability could essentially bypass address space randomization layout (ASLR) protections using a malicious application, and could determine addresses in the kernel, Apple’s advisory said. The researchers said the vulnerability, which could expose data to an attacker, occurs in the way iOS handles application programming interfaces in relation to kernel extensions."

"There was also a Passcode bypass flaw, which could have allowed hackers to gain access to the Passbook app, which lets users store passes for things such as flights or cinema tickets," writes TechWeekEurope's Tom Brewster. "The vulnerability would have let a determined cyber crook break into the app even when a device is locked."

"The final two vulnerabilities were located in WebKit," writes's Fahmida Y. Rashid. "The first Webkit flaw was a 'time of check to time of use issue' which existed in how JavaScript arrays were being handled (CVE-2012-3748). The other WebKit issue was a 'use-after-free' issue in the way SVG images were handled (CVE-2012-5112), and was originally disclosed by Pinkie Pie during Google's recent pwnium2 contest at HITB Kuala Lumpur."

"The iOS 6.0.1 software update also includes fixes for the iPhone 5 to allow it to install over the air updates and to make it work better with WPA2 Wi-Fi networks," The H Security reports. "There are also corrections for bugs which flashed horizontal lines over the keyboard and stopped the camera flash going off."