Tuesday, May 8, 2012

Apple updates iOS for iPx devices

Information about the content of this update is not currently available, as Apple is usually VERY close-mouthed about security fixes, but all the sites are saying there are security holes that are plugged. Apple's security write-up on this update (HT5278) is still coming up blank.   The best write-up I have seen is the ZDNet article linked near the end of this blog posting.

Given the latest spate of fixes to other Apple operating systems, I would recommend that if you are offered this update through iTunes you accept it and update.  Of course, you are going to back up your data before you update, right?

ISC Diary | iOS 5.1.1 Software Update for iPod, iPhone, iPad
Apple released iOS 5.1.1 for iPod, iPhone, iPad (exclude Mac OS X) only available through iTunes. The updates address Safari and WebKit for iPhone 3GS, iPhone 4, iPhone 4S, iPod touch (3rd generation) and later, iPad, iPad 2. At the time of this writing, the advisory was still not posted (APPLE-SA-2012-05-07-1) but the update is available through iTunes.
Apple offers iOS 5.1.1 update, fixes some serious vulnerabilities | Naked Security
Apple's latest update to iOS just came out. Version 5.1.1 is more than just a cosmetic fix: it patches at least three security flaws, all of which should be considered serious.

Information about the update can be found in Apple's knowledgebase article DL1521.

Unfortunately, the security reasons for updating sooner rather than later are hard to find from DL1521.

The page leads with a list of five "improvements and bug fixes", none of which is a compelling reason on its own to update now.

As usual, Apple relegates the security content of the update to the well-known landing page HT1222. But when I visited, the most recent security updates in the list were still April's malware-related Flashback fixes.

Nevertheless, the page you need to consult for iOS 5.1.1 does exist - it's HT5278, and if you have an iDevice, I strongly suggest you read it.

Apple patches serious security holes in iOS devices | ZDNet
Apple has shipped a high-priority iOS update to fix multiple security holes affecting the browser used on iPhones, iPads and iPod Touch devices.

The iOS 5.1.1 update fixes four separate vulnerabilities, including one that could be used to take complete control of an affected device.

Here’s the skinny of this batch of updates:
  • A URL spoofing issue existed in Safari. This could be used in a malicious web site to direct the user to a spoofed site that visually appeared to be a legitimate domain. This issue is addressed through improved URL handling. This issue does not affect OS X systems.
  • Multiple security holes in the open-source WebKit rendering engine.  These could lead to cross-site scripting attacks from maliciously crafted web sites. These vulnerabilities were used during Google’s Pwnium contest at this year’s CanSecWest conference.
  • A memory corruption issue in WebKit. Visiting a maliciously crafted website may lead to an unexpected application termination or arbitrary code execution.  This issue was discovered and reported by Google’s security team.

This patch is only available via iTunes. To check that the iPhone, iPod touch, or iPad has been updated:

  • Navigate to Settings
  • Select General
  • Select About. The version after applying this update will be “5.1.1″.

No comments: