Apple bumps iOS to 6.0.1, fixes an interesting set of bugs

If you have an Apple device that is capable of running iOS 6, you might have resisted upgrading it after hearing people complain about Apple’s new mapping application.

But you ought to have grabbed it with both hands for security reasons: iOS 6 patched a whopping 197 CVE-numbered vulnerabilities in 41 system components, broken down as follows:

  • 6 security bypasses
  • 1 denial of service (DoS) problem
  • 1 privilege escalation
  • 15 data leakage issues
  • 11 remote code execution (RCE) holes
  • 7 spoofing flaws

Now, with the release of iOS 6.0.1, there are four more reasons to get onto iOS 6 if you’re still one of the holdouts.

Bugs fixed include:

  • A kernel data leakage issue, by means of which the kernel could be persuaded to reveal information about which code was at what address. This might not sound like much, but it subverts Address Space Layout Randomisation (ASLR).

→ If all you can do with a vulnerability is make the CPU jump to a memory address, you need to know in advance what address to choose. Otherwise, your exploit will probably just crash the device, not take it over. ASLR is deliberately intended to make it hard for you to know where to go, thus helping to turn RCE exploits (crash and keep control) into DoSes (crash and burn out).

  • A Passcode bypass, potentially allowing your Passbook application to be accessed even after you locked your device.

→ Since Passbook can store coupons, loyalty programme details and even airline boarding cards, having your Passbook unlocked even when your device is locked presents a rather obvious personal security risk.

  • Two RCE flaws in WebKit, the core of any web browsing app on any iDevice.

→ One of these bugs can be triggered by deliberately-dodgy JavaScript; the other by a craftily-tweaked SVG (scalable vector graphics) file. These sorts of vulnerability are highly regarded by cybercrooks, as they can be used for drive-by infections. That’s where just visiting a page can trick your browser into running malware, without waiting for you to click through any security warnings.
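To make the kernel address leak in the first item concrete, here is an added illustration (a constructed simulation, not Apple's code and not from the original article) of why one reported address undoes ASLR for a whole image, and why reporting addresses with the slide removed does not. The base address, symbol table, slide values and function names are all hypothetical.

```c
#include <stddef.h>
#include <stdint.h>
#include <stdio.h>

#define STATIC_BASE 0x80001000u  /* constructed link-time base of the image */

/* Constructed symbol table: offsets from the image base. These are the same
   on every boot, so anyone holding a copy of the binary knows them. */
struct sym { const char *name; uint32_t offset; };
static const struct sym symtab[] = {
    { "image_start",   0x0000u },
    { "syscall_table", 0x4200u },
    { "copy_helper",   0x9a40u },
};

/* Where symbol i really lives after the boot-time slide is applied. */
uint32_t load_addr(size_t i, uint32_t slide) {
    return STATIC_BASE + slide + symtab[i].offset;
}

/* Leaky info call: hands the live (slid) address back to the caller. */
uint32_t info_leaky(size_t i, uint32_t slide) { return load_addr(i, slide); }

/* Hardened info call: subtracts the slide first, so the reply is the same
   on every boot and says nothing about this boot's layout. */
uint32_t info_unslid(size_t i, uint32_t slide) { return load_addr(i, slide) - slide; }

/* What a caller can work out about the slide from one reported address. */
uint32_t inferred_slide(uint32_t reported, size_t i) {
    return reported - (STATIC_BASE + symtab[i].offset);
}

int main(void) {
    const uint32_t boots[] = { 0x01200000u, 0x0be00000u };  /* constructed slides */
    for (size_t b = 0; b < sizeof boots / sizeof boots[0]; b++) {
        uint32_t s = boots[b];
        uint32_t via_leak = inferred_slide(info_leaky(0, s), 0);
        uint32_t via_fix  = inferred_slide(info_unslid(0, s), 0);
        /* One leaked address fixes the position of every other symbol. */
        uint32_t predicted = STATIC_BASE + via_leak + symtab[2].offset;
        printf("boot %zu: slide %08x | leaky reply -> %08x, %s predicted %s | "
               "unslid reply -> %08x\n", b, (unsigned)s, (unsigned)via_leak,
               symtab[2].name, predicted == load_addr(2, s) ? "correctly" : "wrongly",
               (unsigned)via_fix);
    }
    return 0;
}
```

With the leaky call the inferred slide matches the real one on each boot; with the unslid call the caller always infers zero, so the randomisation stays secret.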

There you have it. Four good reasons for iOS 6.0.1.

Apple’s writeup can be found in knowledgebase article HT5567.