Apple iOS 6.0.1 update fixes four security holes


Apple iOS 6.0.1 update fixes four security holes Staff

This week Apple issued fixes for flaws in its iOS platform to address security and stability issues, with the iOS 6.0.1 update. The update addresses four vulnerabilities, as well as a range of stability patches.

These patches include a kernel data leakage issue (CVE-2012-3749) in API handling related to kernel extensions, which may lead to kernel address disclosure. Responses containing an ‘OSBundleMachOHeaders’ key can divulge included kernel addresses, which may result in subversion of iOS’ address space layout randomization (ASLR) feature. Apple fixes this issue by unsliding the addresses prior to their return.

A flaw in the way Passbook passes were handled (CVE-2012-3750) has got fixes. This could allow a person with physical access to the device to access Passbook without entering the device passcode. Passbooks on iOS devices can store a wide range of sensitive personal information.

Two drive-by remote code execution flaws in iOS’ WebKit implementation have also received patches. One addresses a ‘time of check to time of use’ issue (CVE-2012-3748) while handling JavaScript arrays. This has been patched by additional validation of JavaScript arrays. The other WebKit flaw concerns a ‘use after free’ issue (CVE-2012-5112) in scalable vector graphics (SVG) image handling, which has been fixed through improved memory handling. According to Apple’s

Continue Reading This Article

Enjoy this article as well as all of our content, including E-Guides, news, tips and more.

By submitting your email address, you agree to receive emails regarding relevant topic offers from TechTarget and its partners. You can withdraw your consent at any time. Contact TechTarget at 275 Grove Street, Newton, MA.

You also agree that your personal information may be transferred and processed in the United States, and that you have read and agree to the Terms of Use and the Privacy Policy.

Safe Harbor

security advisory, both may lead to arbitrary application termination or code execution.

The update is expected to fix issues preventing iPhone 5 handsets from receiving over-the-air (OTA) updates. Patches are included for keyboard display issues, problems with encrypted connections, and wireless networking. iOS users can update to iOS 6.0.1 via iTunes or use OTA utilities on iOS devices.