X
Business

Apple patches serious security holes in iOS devices

The iOS 5.1.1 update fixes four separate vulnerabilities, including one that could be used to take complete control of an affected device.
Written by Ryan Naraine, Contributor

Apple has shipped a high-priority iOS update to fix multiple security holes affecting the browser used on iPhones, iPads and iPod Touch devices.

The iOS 5.1.1 update fixes four separate vulnerabilities, including one that could be used to take complete control of an affected device.

Here's the skinny of this batch of updates:

  • A URL spoofing issue existed in Safari. This could be used in a malicious web site to direct the user to a spoofed site that visually appeared to be a legitimate domain. This issue is addressed through improved URL handling. This issue does not affect OS X systems.
  • Multiple security holes in the open-source WebKit rendering engine.  These could lead to cross-site scripting attacks from maliciously crafted web sites. These vulnerabilities were used during Google's Pwnium contest at this year's CanSecWest conference.
  • A memory corruption issue in WebKit. Visiting a maliciously crafted website may lead to an unexpected application termination or arbitrary code execution.  This issue was discovered and reported by Google's security team.

This patch is only available via iTunes. To check that the iPhone, iPod touch, or iPad has been updated:

  • Navigate to Settings
  • Select General
  • Select About. The version after applying this update will be "5.1.1".

Editorial standards