If you have an Apple device that is capable of running iOS 6, you might have resisted upgrading it after hearing people complain about Apple’s new mapping application.
But now is the time to grab it for security reasons: iOS 6 patched a whopping 197 CVE-numbered vulnerabilities in 41 system components, broken down as follows:
- 6 security bypasses
- 1 denial of service (DoS) problem
- 1 privilege escalation
- 15 data leakage issues
- 11 remote code execution (RCE) holes
- 7 spoofing flaws
Now, with the release of iOS 6.0.1, there are four more reasons to get onto iOS 6 if you’re still one of the holdouts.
Bugs fixed include:
- A kernel data leakage issue, by means of which the kernel could be persuaded to reveal information about which code was at what address. This might not sound like much, but it subverts Address Space Layout Randomisation (ASLR).
If all you can do with an vulnerability is make the CPU to jump to a memory address, you need to know in advance what address to choose. Otherwise, your exploit will probably just crash the device, not take it over. ASLR is deliberately intended to make it hard for you to know where to go, thus helping to turn RCE exploits (crash and keep control) into DoSes (crash and burn out).
- A Passcode bypass, potentially allowing your Passbook application to be accessed even after you locked your device.
Since Passbook can store coupons, loyalty programme details and even airline boarding cards, having your Passbook unlocked even when your device is locked presents a rather obvious personal security risk.
- Two RCE flaws in WebKit, the core of any web browsing app on any iDevice.
One of these bugs can be triggered by deliberately-dodgy Javascript; the other by a craftily-tweaked SVG (scalable vector graphics) file. These sorts of vulnerability are highly regarded by cybercrooks, as they can be used for drive-by infections. That’s where just visiting a page can trick your browser into running malware, without waiting for you to click through any security warnings.
This update also contains the following improvements and bug fixes, including:
- Fixes a bug that prevents iPhone 5 from installing software updates wirelessly over the air
- Fixes a bug where horizontal lines may be displayed across the keyboard
- Fixes an issue that could cause camera flash to not go off
- Improves reliability of iPhone 5 and iPod touch (5th generation) when connected to encrypted WPA2 Wi-Fi networks
- Resolves an issue that prevents iPhone from using the cellular network in some instances
- Consolidated the Use Cellular Data switch for iTunes Match
- Fixes a Passcode Lock bug which sometimes allowed access to Passbook pass details from lock screen
- Fixes a bug affecting Exchange meetings
- The update is available from iTunes or OTA.
Did you enjoy this article? If so, we’d love to hear your thoughts in the comments below. It would be great if you subscribed to our RSS feed or signed up for email updates to get more goodness. There’s lots more where this came from!
About the Author
More articles by Rudy Stebih »
