Apple releases iOS 5.1.1; addresses three Safari vulnerabilities

In addition convenience fixes, iOS 5.1.1 patches three critical vulnerabilities in Safari that can spoof the address in the location bar, execute arbitrary code and XSS attacks.

Apple releases iOS 5.1.1 - Jason O'Grady

Apple today released iOS 5.1.1 (build 9B206, 54.4 MB) for iPhone, iPad and iPod touch. According to the release notes iOS 5.1.1 addresses the following:

  • Improves reliability of using HDR option for photos taken using the Lock Screen shortcut
  • Addresses bugs that could prevent the new iPad from switching between 2G and 3G networks
  • Fixes bugs that affected AirPlay video playback in some circumstances
  • Improved reliability for syncing Safari bookmarks and Reading List
  • Fixes an issue where ‘Unable to purchase’ alert could be displayed after successful purchase

Perhaps more importantly, iOS 5.1.1 also contains a number of security fixes according to Apple knowledgebase article HT5278, including Safari vulnerabilities that allow maliciously crafted websites to be able to spoof the address in the location bar, execute cross-site scripting attacks and cause unexpected application termination or arbitrary code execution.

The update is being pushed out to devices Over-The-Air (OTA), but iOS 5.1 users can also download it immediately by touching Settings > General > Software Update. You can also install iOS 5.1.1 by plugging your device into iTunes and clicking on Update.

Further reading:

Newsletters

You have been successfully signed up. To sign up for more newsletters or to manage your account, visit the Newsletter Subscription Center.
Subscription failed.
See All