Apple updates iOS fixing 27 vulnerabilities and TURKTRUST revocation

Apple updates iOS fixing 27 vulnerabilities and TURKTRUST revocation

ios6-170Apple has released version 6.1 of its iOS operating system that is the brains of millions of iPhones, iPads and iPod Touch devices.

I consider this to be a critical update, as many of the fixes can be used to remotely compromise your shiny iDevices.

iOS 6.1 is available for users of the iPhone 3GS and later, iPad 2 and later and iPod Touch 4th generation and later. Apparently Apple’s advice to users of its older hardware is “buy a new one”.

The vast majority of the flaws were in WebKit, the rendering engine used by Safari to display web content. This isn’t surprising as it is a very complicated component.

It is also a very dangerous component to leave vulnerable as it can be attacked by any web page controlled by someone with malicious intent. I would make these updates a priority.

Some of these fixes have been known for some time. A bug in handling Japanese Unicode characters dates back to 2011 and could lead to a cross-site scripting attack.

You could even characterize this update as long-awaited as it finally addresses the bad certificates released by TURKTRUST and discovered this past Christmas.

A bit of too little, too late though. Although iOS devices will no longer trust the two intermediate certificates that were accidentally issued, those certificates have already been destroyed and determined to not have been used maliciously.

Apple has also released an update to the Apple TV bringing its release number to 5.2. Two responsibly disclosed vulnerabilities were fixed in this release, one of which appears to be intended to prevent jailbreaking.

As always update as soon as you can and you will enjoy a safer Apple experience.