+ Reply
Results 1 to 16 of 16

Your favorite Apple, iPhone, iPad, iOS, Jailbreak, and Cydia site.


Thread: Apple Reveals Security Fixes Included in iOS 5.1.1

is a discussion within the

iPhone News

forums, a part of the

General iPhone

section;
After the release of Apple’s iOS 5.1.1 update for the iPhone, iPad, and iPod Touch, the Cupertino California company finally decided to update its support webpage regarding the new software’s
...
  1. #1
    MMi Staff Writer Akshay Masand's Avatar
    Join Date
    Sep 2011
    Location
    New York City
    Posts
    3,606
    Thanks
    3
    Thanked 116 Times in 102 Posts

    Default Apple Reveals Security Fixes Included in iOS 5.1.1


    After the release of Apple’s iOS 5.1.1 update for the iPhone, iPad, and iPod Touch, the Cupertino California company finally decided to update its support webpage regarding the new software’s security tweaks which include one Safari browser and two WebKit fixes.

    The iOS 5.1.1 update released various bug fixes including HDR reliability, network switching, as well as AirPlay video playback bugs but it failed to specify what security tweaks had been added. The refresh from the security page informs us that Apple has taken care of the previously discovered custom URL spoofing exploit as well as information about two WebKit fixes.

    The security fixes (from the updated support page) can be found below:

    iOS 5.1.1 Software Update

    Safari

    Available for: iPhone 3GS, iPhone 4, iPhone 4S, iPod touch (3rd generation) and later, iPad, iPad 2

    Impact: A maliciously crafted website may be able to spoof the address in the location bar

    Description: A URL spoofing issue existed in Safari. This could be used in a malicious web site to direct the user to a spoofed site that visually appeared to be a legitimate domain. This issue is addressed through improved URL handling. This issue does not affect OS X systems.

    CVE-ID

    CVE-2012-0674 : David Vieira-Kurz of MajorSecurity (majorsecurity.net)

    WebKit

    Available for: iPhone 3GS, iPhone 4, iPhone 4S, iPod touch (3rd generation) and later, iPad, iPad 2

    Impact: Visiting a maliciously crafted website may lead to a cross-site scripting attack

    Description: Multiple cross-site scripting issues existed in WebKit.

    CVE-ID

    CVE-2011-3046 : Sergey Glazunov working with Google's Pwnium contest

    CVE-2011-3056 : Sergey Glazunov

    WebKit

    Available for: iPhone 3GS, iPhone 4, iPhone 4S, iPod touch (3rd generation) and later, iPad, iPad 2

    Impact: Visiting a maliciously crafted website may lead to an unexpected application termination or arbitrary code execution

    Description: A memory corruption issue existed in WebKit.

    CVE-ID

    CVE-2012-0672 : Adam Barth and Abhishek Arya of the Google Chrome Security Team
    As mentioned previously, MuscleNerd tweeted that jailbreakers should stay away from the new update – so if you want to keep a jailbroken iOS device, following MuscleNerd’s advice is probably a good idea.

    Source: Apple
    Last edited by Akshay Masand; 05-08-2012 at 03:44 AM.

    Twitter: @AkshayMasand

  2. #2
    Green Apple
    Join Date
    Oct 2007
    Posts
    53
    Thanks
    4
    Thanked 4 Times in 4 Posts

    (A BIG "IF") - IF the 5.1.1 release patches exploits that were possibly being saved for an IOS 6 release, why not release the hopefully completed 5.1 JB (tethered OR untethered) so that some of us who are trapped in 5.1 can see some freedom

    Sincerely,
    An iPad 3 owner who is stuck with a locked device (shipped with 5.1)

  3. #3
    My iPhone is a Part of Me PoEtikly's Avatar
    Join Date
    Feb 2011
    Location
    Chicago
    Posts
    580
    Thanks
    2
    Thanked 63 Times in 45 Posts

    Quick question, a bit off topic but in another thread somebody was asking about their camera icon not being themed in 5.1.1. Does the 5.1 tethered jb work for 5.1.1 as well? And also, what exactly are these security updates fixing? I read the article but I guess I'm not sure what issues it fixed. Was there a virus or something that was using what seemed as legit domains to inject a virus on the idevice?

  4. #4
    iPhone? More like MyPhone thekirbylover's Avatar
    Join Date
    Sep 2011
    Location
    Australia
    Posts
    155
    Thanks
    13
    Thanked 9 Times in 8 Posts

    Quote Originally Posted by Apple
    Impact: Visiting a maliciously crafted website may lead to an unexpected application termination or arbitrary code execution
    Possible hole for a future JailbreakMe? Too bad it was patched
    Quote Originally Posted by PoEtikly View Post
    Does the 5.1 tethered jb work for 5.1.1 as well?
    A4 devices are vulnerable to limera1n so they always have at least a tethered jailbreak

  5. #5
    Green Apple
    Join Date
    Sep 2008
    Location
    China
    Posts
    48
    Thanks
    13
    Thanked 0 Times in 0 Posts

    about the iphone stupid battery when we will have an update?

  6. #6
    iPhone? More like MyPhone spooneditr's Avatar
    Join Date
    Dec 2008
    Posts
    274
    Thanks
    8
    Thanked 18 Times in 10 Posts

    Quote Originally Posted by dstorrents View Post
    (A BIG "IF") - IF the 5.1.1 release patches exploits that were possibly being saved for an IOS 6 release, why not release the hopefully completed 5.1 JB (tethered OR untethered) so that some of us who are trapped in 5.1 can see some freedom

    Sincerely,
    An iPad 3 owner who is stuck with a locked device (shipped with 5.1)
    I 2nd this comment.


    Your mom has "spirit" but I used my "pwnage tool" on her all night long and "ultrasn0wed" all over her. haha

  7. #7
    What's Jailbreak?
    Join Date
    Apr 2008
    Posts
    1
    Thanks
    0
    Thanked 0 Times in 0 Posts

    Default New jailbreakme possible?
    Quote Originally Posted by thekirbylover View Post
    Possible hole for a future JailbreakMe? Too bad it was patched

    A4 devices are vulnerable to limera1n so they always have at least a tethered jailbreak
    If apple has patched a hole in safari of 5.1 iOS, isn't possible for a hacker to use this hole to jailbreak iOS 5.1?

  8. #8
    What's Jailbreak?
    Join Date
    Apr 2011
    Posts
    17
    Thanks
    0
    Thanked 0 Times in 0 Posts

    Quote Originally Posted by dstorrents View Post
    (A BIG "IF") - IF the 5.1.1 release patches exploits that were possibly being saved for an IOS 6 release, why not release the hopefully completed 5.1 JB (tethered OR untethered) so that some of us who are trapped in 5.1 can see some freedom

    Sincerely,
    An iPad 3 owner who is stuck with a locked device (shipped with 5.1)
    lets just save the exploits until ios 6, iphone 4s had to wait at least 8 months, so you can be patient too..

  9. #9
    iPhone? More like MyPhone
    Join Date
    Dec 2009
    Posts
    102
    Thanks
    4
    Thanked 2 Times in 2 Posts

    Quote Originally Posted by Nichonico View Post
    lets just save the exploits until ios 6, iphone 4s had to wait at least 8 months, so you can be patient too..
    Seems you didn't understand. It's no longer an exploit for ios6, not even 5.1.1 for that matter. So providing a 5.1 jailbreak would lose nothing. Just because I had to wait 8 months for a jailbreak doesn't mean everyone should now...

  10. #10
    Livin the iPhone Life
    Join Date
    Aug 2010
    Posts
    2,181
    Thanks
    5,137
    Thanked 1,433 Times in 682 Posts

    Quote Originally Posted by idkanymore View Post
    Seems you didn't understand. It's no longer an exploit for ios6, not even 5.1.1 for that matter. So providing a 5.1 jailbreak would lose nothing. Just because I had to wait 8 months for a jailbreak doesn't mean everyone should now...
    We did not wait 8 mo for a 4S JB. The 4S came out in October 2011, we waited till Jan/Feb 2012

  11. #11
    iPhone? More like MyPhone
    Join Date
    Dec 2009
    Posts
    102
    Thanks
    4
    Thanked 2 Times in 2 Posts

    Quote Originally Posted by nealh View Post
    We did not wait 8 mo for a 4S JB. The 4S came out in October 2011, we waited till Jan/Feb 2012
    It didn't sound right but I was just working off his logic. Point is that everyone shouldn't wait just because other people had to.

  12. #12
    Livin the iPhone Life
    Join Date
    Aug 2010
    Posts
    2,181
    Thanks
    5,137
    Thanked 1,433 Times in 682 Posts

    Quote Originally Posted by idkanymore View Post
    It didn't sound right but I was just working off his logic. Point is that everyone shouldn't wait just because other people had to.
    +1000000

  13. #13
    iPhoneaholic emerica6708's Avatar
    Join Date
    Jan 2008
    Location
    Austin, TX
    Posts
    346
    Thanks
    26
    Thanked 7 Times in 7 Posts

    Quote Originally Posted by idkanymore View Post
    Seems you didn't understand. It's no longer an exploit for ios6, not even 5.1.1 for that matter. So providing a 5.1 jailbreak would lose nothing. Just because I had to wait 8 months for a jailbreak doesn't mean everyone should now...
    There is nothing in here about the Dev Team's exploits being patched, this patched some vulnerable spots in safari, nobody said those are the exploits the dev team was using. Plus they had I believe six exploits and they only patched three things, so at worst there are still three exploits apple hasn't touched, and that's IF these were what the dev team had, which I doubt.

  14. #14
    Green Apple i113's Avatar
    Join Date
    Apr 2011
    Posts
    70
    Thanks
    0
    Thanked 19 Times in 11 Posts

    It probably fixed the URL spoofer which would let a hacker make safari look like it was at wellsfargo.com, when it's really just his site, angle steals your log-on and pw.

    I don't see how a URL spoofer could have produced a jb anyway.

  15. #15
    iPhoneaholic s0ulp1xel's Avatar
    Join Date
    Apr 2011
    Location
    HiltonHeadIsland, SC
    Posts
    462
    Thanks
    13
    Thanked 18 Times in 11 Posts

    Let me rephrase "Security" to "Jailbreak Patches".

  16. #16
    Delirious kooris's Avatar
    Join Date
    Feb 2011
    Location
    New Zealand
    Posts
    620
    Thanks
    125
    Thanked 1,250 Times in 186 Posts

    I believe that none of these affect jailbreaking exploits, and most of you don't know what you're talking about. It only affects userland, and only webkit, as far as I can see. You're barking up the wrong tree.

    Also, if they don't release those exploits, apple wont, cant know which they are and cannot patch these exploits, pod2g and his team aren't dumb.

Posting Permissions
  • You may not post new threads
  • You may not post replies
  • You may not post attachments
  • You may not edit your posts