Apple Reveals What Security Issues Have Been Addressed In The iOS 5.1.1 Firmware

Today has been a busy day with Apple releasing the iOS 5.1.1 firmware into the wild. For those that missed our run-down on the iOS 5.1.1 firmware, essentially it includes only minor bug fixes and improves the reliability of taking HDR photos. What we did not cover in our iOS 5.1.1 run-down is what security issues had been addressed.

Thanks to Apple updating their support page (thanks for the tip Tom Ghanen) however, we can now confirm the security content of iOS 5.1.1.

  • SafariAvailable for: iPhone 3GS, iPhone 4, iPhone 4S, iPod touch (3rd generation) and later, iPad, iPad 2

    Impact: A maliciously crafted website may be able to spoof the address in the location bar

    Description: A URL spoofing issue existed in Safari. This could be used in a malicious web site to direct the user to a spoofed site that visually appeared to be a legitimate domain. This issue is addressed through improved URL handling. This issue does not affect OS X systems.

    CVE-ID

    CVE-2012-0674 : David Vieira-Kurz of MajorSecurity (majorsecurity.net)

  • WebKitAvailable for: iPhone 3GS, iPhone 4, iPhone 4S, iPod touch (3rd generation) and later, iPad, iPad 2

    Impact: Visiting a maliciously crafted website may lead to a cross-site scripting attack

    Description: Multiple cross-site scripting issues existed in WebKit.

    CVE-ID

    CVE-2011-3046 : Sergey Glazunov working with Google’s Pwnium contest

    CVE-2011-3056 : Sergey Glazunov

  • WebKitAvailable for: iPhone 3GS, iPhone 4, iPhone 4S, iPod touch (3rd generation) and later, iPad, iPad 2

    Impact: Visiting a maliciously crafted website may lead to an unexpected application termination or arbitrary code execution

    Description: A memory corruption issue existed in WebKit.

    CVE-ID

    CVE-2012-0672 : Adam Barth and Abhishek Arya of the Google Chrome Security Team

The biggest security vulnerability fixed in the iOS 5.1.1 firmware realtes to URL spoofing. This vulnerability was discovered in March and could have been exploited to entice people to give out their credit card information on Apple’s iOS Devices.

Don't forget to follow iJailbreak.com on Facebook, Twitter and Google+. Be sure to check out our partnership page where you can get mentorship on starting your own business online.
  • Rgpop76

    is the jailbreak released for ios 5.1.1??

  • Guest

     no they are currently working on the 5.1 untethered jailbreak