The next vulnerability fixed by Apple is the cross-site scripting issue found by Sergey Glazunov that earned him $60,000 from Google under its Pwnium: rewards for exploits contest. Details of the exact nature of Sergey’s exploit are still unavailable but it is known that WebKit doesn’t properly handle history navigation, which allows remote attackers to execute arbitrary code by leveraging a “Universal XSS (UXSS)” issue.
The final fix is also shrouded in mystery. CVE-2012-0672, which was found by Adam Barth and Abhishek Arya of the Google Chrome Security Team, is a memory corruption issue in WebKit that, if exploited, would allow an attacker to create a malicious website that could crash Safari or execute arbitrary code. However that is all that is known!
iOS 5.1.1 is available for the iPhone 3GS, iPhone 4, iPhone 4S, iPod touch (3rd generation) and later, iPad and iPad 2.