Apple’s latest iOS update is out.
The new version bumps iOS5 up to 5.0.1, and is Apple’s first OTA update.
OTA stands for “over-the-air”, and means that you can download and apply the update directly from your iDevice.
You no longer need to download the entire firmware file to your computer – including yet another copy of everything which hasn’t changed in iOS – and push it to your device.
(OTA updating isn’t yet mandatory. If you prefer to keep full copies of each iOS firmware distro, you can still use the download-and-install-with-iTunes method.)
According to Apple, the highlights of the 5.0.1 update are that it:
* fixes bugs affecting battery life,
* adds Multitasking Gestures for the original iPad,
* resolves bugs with Documents in the Cloud, and
* improves voice recognition for Australian users using dictation.
Strewth! That last one’s a bonzer boost for blokes and sheilas everywhere! Gives an Aussie something worth lifting a tinnie to after the Baggy Green got such a big hiding from the South Africans in the cricket!
Importantly, 5.0.1 also fixes a number of security flaws, including a remote code execution (RCE) vulnerability involving font handling. RCE means that a cybercriminal might be able to trick your device into running software without asking you, even if you’re just browsing the internet.
Interestingly, Charlie Miller’s recent and controversial App Store hole has also been patched. Miller showed how to write an innocent-looking App which, once approved by Apple, could fetch and run unapproved software.
Miller was unceremoniously banned from the Apple Developer scene for at least a year; there’s no word from Apple, however, on whether he’ll be readmitted now the hole is fixed.
And 5.0.1 patches the so-called Smart Cover bug. The iPad 2 didn’t always force you to enter your passcode when you opened the Smart Cover of a locked device. A thief couldn’t start any applications, but could get access to some of the data on your device.
If you are a jailbreaker, however, note that there is not yet any way to go back to iOS5.0 once you’ve moved on to 5.0.1.
That means that you’ll never be able to use Charlie Miller’s code-signing vulnerability for jailbreaking purposes in the future, for example if an iPad 2 jailbreak appears which relies on it.
And that leaves us with one question: should you update?
But these complaints are still anecdotal and unscientific, so if you trust Apple and you’re not into jailbreaking, I’d suggest updating to 5.0.1 as soon as you conveniently can.
The font and code-signing vulnerabilities may not have made it to Apple’s highlights list, but each of these bugs on its own can be considered sufficiently important to warrant a prompt update.