Apple iOS 5.1 released, updates security
Posted on 08 March 2012.
Apple released the iOS 5.1 software update which comes with a variety of improvements and bug fixes.


CFNetwork
An issue existed in CFNetwork's handling of malformed URLs. When accessing a maliciously crafted URL, CFNetwork could send unexpected request headers.

HFS
An integer underflow existed with the handling of HFS catalog files.

Kernel
A logic issue existed in the handling of debug system calls. This may allow a malicious program to gain code execution in other programs with the same user privileges.

libresolv
An integer overflow existed in the handling of DNS resource records, which may lead to heap memory corruption.

Passcode lock
A race condition issue existed in the handling of slide to dial gestures. This may allow a person with physical access to the device to bypass the Passcode Lock screen.

Safari
Safariís Private Browsing is designed to prevent recording of a browsing session. Pages visited as a result of a site using the JavaScript methods pushState or replaceState were recorded in the browser history even when Private Browsing mode was active. This issue is addressed by not recording such visits when Private Browsing is active.

Siri
An attacker with physical access to a locked phone could get access to frontmost email message.

A design issue existed in Siriís lock screen restrictions. If Siri was enabled for use on the lock screen, and Mail was open with a message selected behind the lock screen, a voice command could be used to send that message to an arbitrary recipient. This issue is addressed by disabling forwarding of active messages from the lock screen.

VPN
A format string vulnerability existed in the handling of racoon configuration files.

WebKit
A cross-origin issue existed in WebKit, which may allow cookies to be disclosed across origins.

A cross-origin issue existed in WebKit, which may allow content to be dragged and dropped across origins.

Multiple cross-origin issues existed in WebKit.

Multiple memory corruption issues existed in WebKit.





Spotlight

How security analytics help identify and manage breaches

Posted on 30 July 2014.  |  Steve Dodson, CTO at Prelert, illustrates the importance of security analytics in today's complex security architectures, talks about the most significant challenges involved in getting usable information from massive data sets, and much more.


Weekly newsletter

Reading our newsletter every Monday will keep you up-to-date with security news.
  



Daily digest

Receive a daily digest of the latest security news.
  

DON'T
MISS

Thu, Jul 31st
    COPYRIGHT 1998-2014 BY HELP NET SECURITY.   // READ OUR PRIVACY POLICY // ABOUT US // ADVERTISE //