Apple iOS 5.1 released, updates security

Apple released the iOS 5.1 software update which comes with a variety of improvements and bug fixes.

CFNetwork
An issue existed in CFNetwork’s handling of malformed URLs. When accessing a maliciously crafted URL, CFNetwork could send unexpected request headers.

HFS
An integer underflow existed with the handling of HFS catalog files.

Kernel
A logic issue existed in the handling of debug system calls. This may allow a malicious program to gain code execution in other programs with the same user privileges.

libresolv
An integer overflow existed in the handling of DNS resource records, which may lead to heap memory corruption.

Passcode lock
A race condition issue existed in the handling of slide to dial gestures. This may allow a person with physical access to the device to bypass the Passcode Lock screen.

Safari
Safari’s Private Browsing is designed to prevent recording of a browsing session. Pages visited as a result of a site using the JavaScript methods pushState or replaceState were recorded in the browser history even when Private Browsing mode was active. This issue is addressed by not recording such visits when Private Browsing is active.

Siri
An attacker with physical access to a locked phone could get access to frontmost email message.

A design issue existed in Siri’s lock screen restrictions. If Siri was enabled for use on the lock screen, and Mail was open with a message selected behind the lock screen, a voice command could be used to send that message to an arbitrary recipient. This issue is addressed by disabling forwarding of active messages from the lock screen.

VPN
A format string vulnerability existed in the handling of racoon configuration files.

WebKit
A cross-origin issue existed in WebKit, which may allow cookies to be disclosed across origins.

A cross-origin issue existed in WebKit, which may allow content to be dragged and dropped across origins.

Multiple cross-origin issues existed in WebKit.

Multiple memory corruption issues existed in WebKit.

Don't miss