Apple bumps iOS to 6.0.1, fixes an interesting set of bugs


If you have an Apple device that is capable of running iOS 6, you might have resisted upgrading it after hearing people complain about Apple's new mapping application.

But you ought to have grabbed it with both hands for security reasons: iOS 6 patched a whopping 197 CVE-numbered vulnerabilities in 41 system components, broken down as follows:

  • 6 security bypasses
  • 1 denial of service (DoS) problem
  • 1 privilege escalation
  • 15 data leakage issues
  • 11 remote code execution (RCE) holes
  • 7 spoofing flaws

Now, with the release of iOS 6.0.1, there are four more reasons to get onto iOS 6 if you're still one of the holdouts.

Bugs fixed include:

  • A kernel data leakage issue, by means of which the kernel could be persuaded to reveal information about which code was at what address. This might not sound like much, but it subverts Address Space Layout Randomisation (ASLR).

→ If all you can do with a vulnerability is make the CPU jump to a memory address, you need to know in advance what address to choose. Otherwise, your exploit will probably just crash the device, not take it over. ASLR is deliberately intended to make it hard for you to know where to go, thus helping to turn RCE exploits (crash and keep control) into DoSes (crash and burn out).

  • A Passcode bypass, potentially allowing your Passbook application to be accessed even after you locked your device.

→ Since Passbook can store coupons, loyalty programme details and even airline boarding cards, having your Passbook unlocked even when your device is locked presents a rather obvious personal security risk.

  • Two RCE flaws in WebKit, the core of any web browsing app on any iDevice.

→ One of these bugs can be triggered by deliberately-dodgy JavaScript; the other by a craftily-tweaked SVG (scalable vector graphics) file. These sorts of vulnerability are highly regarded by cybercrooks, as they can be used for drive-by infections. That's where just visiting a page can trick your browser into running malware, without waiting for you to click through any security warnings.
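The ASLR point made in the first item above, as an added toy model that is not part of the original article: it compares a blind jump against a randomised layout with a jump computed from one leaked code address. The base address, offsets and the 256-slot slide are constructed values for illustration, not iOS figures.

```python
import random

# All constants are constructed for this toy model; none are real iOS values.
PAGE = 0x1000                 # assumed slide granularity
SLIDE_SLOTS = 256             # assumed: 8 bits of layout randomisation
STATIC_BASE = 0x80001000      # address the code would have with no slide
TARGET_OFFSET = 0x2340        # offset of the code a jump must hit to keep control
LEAKY_OFFSET = 0x5120         # offset of some function whose address gets disclosed


class ToyKernel:
    """One 'boot': a fresh random slide applied to every code address."""

    def __init__(self, rng):
        self.slide = rng.randrange(SLIDE_SLOTS) * PAGE

    def leak(self):
        # Models the data-leakage bug: a real runtime address escapes.
        return STATIC_BASE + self.slide + LEAKY_OFFSET

    def jump(self, addr):
        # Hitting the target keeps control; any other address crashes.
        target = STATIC_BASE + self.slide + TARGET_OFFSET
        return "control" if addr == target else "crash"


def blind_attempt(kernel, rng):
    # No leak available: the slide has to be guessed.
    guess = rng.randrange(SLIDE_SLOTS) * PAGE
    return kernel.jump(STATIC_BASE + guess + TARGET_OFFSET)


def informed_attempt(kernel):
    # One leaked address minus its known static address gives the slide.
    slide = kernel.leak() - (STATIC_BASE + LEAKY_OFFSET)
    return kernel.jump(STATIC_BASE + slide + TARGET_OFFSET)


def run_trials(n, seed=1):
    """Return (blind success rate, informed success rate) over n boots."""
    rng = random.Random(seed)
    blind = informed = 0
    for _ in range(n):
        kernel = ToyKernel(rng)
        blind += blind_attempt(kernel, rng) == "control"
        informed += informed_attempt(kernel) == "control"
    return blind / n, informed / n


if __name__ == "__main__":
    print(run_trials(20000))
```

In this model the blind rate sits near 1/256, so almost every attempt is a crash (a DoS), while the leak-informed rate is 1.0, which is why a disclosure that looks minor is treated as a security fix.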

There you have it. Four good reasons for iOS 6.0.1.

Apple's writeup can be found in knowledgebase article HT5567.


10 Responses to Apple bumps iOS to 6.0.1, fixes an interesting set of bugs

  1. holding back · 722 days ago

    Now if I could only get full web browsing capability on my iPhone without having to jailbreak it, I would have a reason to upgrade.

  2. Shivaram · 721 days ago

    What about Wi-Fi issues? Has that been fixed?

    • Paul Ducklin · 721 days ago

      The points above are only to do with security holes and vulnerability aspects of the upgrade.

      Reports are that changes *have* been made in the Wi-Fi software, but apparently just as a way to improve connectivity...not as a security fix. Not sure what effect these changes might have on your iDevice.

  3. dave · 721 days ago

    Right Holding Back, is that before or after you download your music and movies illegally??

    • David Cornish · 720 days ago

      Lots of people jailbreak without ever downloading music and/or other content illegally; personally I have done so for the health benefits of f.lux but considerable other functionality is only available by routing around the iOS restrictions. Naturally this comes at a risk; I lose some security for increased functionality, and that trade-off is to some extent a personal judgement call. I would rather Apple allowed a broader range of apps in the App Store that fit under the category of 'tweaks' in Cydia, thus allowing this functionality whilst maintaining security, but that's not Apple's policy.

    • Matt · 720 days ago

      Jailbreaking has nothing to do with pirating music or movies. It just gives you more control over your device.

  4. Can you say more about the SVG exploit through WebKit? It would be interesting to hear more about the JS exploit as well.

  5. Don · 721 days ago

    Yo! Apple..Fix the YouTube thing so I can use my Apple TV again. Then I'll upgrade...WTF 99.00 dollars for what? The new YouTube app sucks. All I get is audio and no video. And the YouTube setting that comes with Apple TV is a joke! The app was a one-click sign-on.

  6. enyap_ynot · 719 days ago

    I can't pause music by double clicking the home button while the device is locked anymore. The music controls pop up but only volume works. :-(

  7. Hank Arnold · 718 days ago

    I haven't read anything on this, but I've noticed a *MAJOR* increase in battery life.


About the author

Paul Ducklin is a passionate security proselytiser. (That's like an evangelist, but more so!) He lives and breathes computer security, and would be happy for you to do so, too. Paul won the inaugural AusCERT Director's Award for Individual Excellence in Computer Security in 2009. Follow him on Twitter: @duckblog