This week Apple issued fixes for flaws in its iOS platform to address security and stability issues, with the iOS 6.0.1 update. The update addresses four vulnerabilities, as well as a range of stability patches.
These patches include a kernel data leakage issue (CVE-2012-3749) in API handling related to kernel extensions, which may lead to kernel address disclosure. Responses containing an ‘OSBundleMachOHeaders’ key can divulge included kernel addresses, which may result in subversion of iOS’ address space layout randomization (ASLR) feature. Apple fixes this issue by unsliding the addresses prior to their return.
A flaw in the way Passbook passes were handled (CVE-2012-3750) has got fixes. This could allow a person with physical access to the device to access Passbook without entering the device passcode. Passbooks on iOS devices can store a wide range of sensitive personal information.
The update is expected to fix issues preventing iPhone 5 handsets from receiving over-the-air (OTA) updates. Patches are included for keyboard display issues, problems with encrypted connections, and wireless networking. iOS users can update to iOS 6.0.1 via iTunes or use OTA utilities on iOS devices.