iOS 5.1 Features: Top 5 Security Content Updates You Must Be Aware of
Apple seems to have more focus on the security related issues in its latest iOS 5.1 firmware update with fixes for as much as 81 security flaws in the latest mobile operating system.
The firmware update, which was released by Apple last week, contains a number of improvements and bug fixes that include the one affecting battery life on devices running iOS 5. Users, who have already updated to iOS 5.1, say that they have been experiencing significant improvement in battery life after installing the firmware update.
Other significant improvements and bug fixes include Japanese language support for Siri, deleting photos from Photo Stream, visible Camera shortcut on Lock Screen for iPhone 4S, iPhone 4, iPhone 3GS and iPod touch, fix for the issue that occasionally caused audio to drop for outgoing calls, redesigned camera app for iPad etc.
Apple explained in its patch notes that iOS 5.1 contains fixes for a variety of vulnerabilities, including a fix to the lock screen of the iPad and iPhone. According to the company, it is possible to evade the lock screen on unpatched devices, leaving any data on the device vulnerable to get lost or stolen.
Here are the top five security updates in the latest Apple mobile OS update, which can be downloaded and installed using iTunes.
Passcode Lock
Apple said it had fixed a race condition issue that existed in the handling of slide to dial gestures. This security flaw may allow a person with physical access to the device to bypass the Passcode Lock screen.
A race condition is an error in a process, where the result depends on the timing of certain other events. In this case, it was dependent on the action of swiping the lock icon on the device's screen.
Available for: iPhone 3GS, iPhone 4, iPhone 4S, iPod touch (3rd generation) and later, iPad and iPad 2.
Kernel
iOS 5.1 also offered a fix for a cross-site scripting vulnerability. In this case, malicious code on a Web site can be inserted onto a user's machine, bypassing sandbox restrictions.
According to Apple, this security flaw may allow a malicious program to gain code execution in other programs with the same user privileges.
Interestingly, Apple credited the 2012 iOS Jailbreak Dream Team for their valuable exploits in unearthing the security bug on the iOS platform.
Available for: iPhone 3GS, iPhone 4, iPhone 4S, iPod touch (3rd generation) and later, iPad and iPad 2.
CFNetwork
According to Apple, an issue existed in CFNetwork's handling of distorted URLs. If a user visits a maliciously crafted Web site, there are higher chances that it may lead to the disclosure of sensitive information.
When accessing a maliciously crafted URL, CFNetwork could send unexpected request headers, said Apple.
Available for: iPhone 3GS, iPhone 4, iPhone 4S, iPod touch (3rd generation) and later, iPad and iPad 2.
Safari
Apple said that a Safari browsing issue exited in which pages visited as a result of a Web site using the JavaScript methods pushState or replaceState were recorded in the browser history even when Private Browsing mode was active.
Apple made it clear that the fix for this issue was addressed by not recording such visits when Private Browsing is active.
Available for: iPhone 3GS, iPhone 4, iPhone 4S, iPod touch (3rd generation) and later, iPad and iPad 2.
Siri
A design flaw was figured out in Siri's lock screen restrictions that could have allowed an attacker with physical access to a locked phone to get access to the frontmost email messages.
Apple said that under conditions when Siri was enabled for use on the lock screen, and Mail was open with a message selected behind the lock screen, a voice command could be used to send that message to an arbitrary recipient.
According to the company, the issue was addressed by disabling forwarding of active messages from the lock screen.
Available for: iPhone 3GS, iPhone 4, iPhone 4S, iPod touch (3rd generation) and later, iPad and iPad 2.
Apart from these five fixes, the updated iOS 5.1 also incorporated other key fixes related the iOS's virtual private network (VPN) feature, WebKit, HFS catalog files and the libresolv library.
Must Read Articles:
iOS 5.1 Features: Top 5 Security Content Updates You Must Be Aware of
© Copyright IBTimes 2024. All rights reserved.