June 19, 2021

iOS 5.1 Fixes Mammoth Amount of Security Issues – Many in WebKit

(LiveHacking.Com) – Apple has released iOS 5.1 for the iPhone 3GS, 4 and 4S, the 3rd and 4th generation iPod touch, and all of its iPad models. As well as a few new features, this point release contains a slew of security-related bug fixes. Over 90 individually identifiable vulnerabilities were fixed, the majority of which were in WebKit – the web rendering engine used in Safari. Most of these WebKit bugs had already been fixed in Chrome, with credit for their discovery going to the “Google Chrome Security Team.” Apple has not been sitting idle either: a healthy portion of the WebKit bugs were discovered by Apple itself.

The WebKit errors are described by Apple, in its security advisory, as memory corruption issues that can be exploited if the user visits a specially crafted web page. Rendering the page may lead to an unexpected application termination or arbitrary code execution.

Besides WebKit, Apple fixed other bugs including a kernel logic issue in the handling of debug system calls that could allow a malicious program to gain code execution in other programs with the same user privileges, and a race condition in the handling of slide to dial gestures that could allow a person with physical access to the device to bypass the Passcode Lock screen.

Another lock screen issue fixed is related to Siri. If Siri was enabled for use on the lock screen, and Mail was open with a message selected behind the lock screen, a voice command could be used to send that message to an arbitrary recipient. This issue is addressed by disabling forwarding of active messages from the lock screen.

A non-WebKit bug has also been fixed in Safari’s Private Browsing mode. Private Browsing is designed to prevent a browsing session from being recorded. Pages visited as a result of a site calling the JavaScript methods pushState or replaceState were nevertheless recorded in the browser history even when Private Browsing was active. This issue is addressed by not recording such visits while Private Browsing is active.
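To make the Private Browsing bug concrete, here is an added toy model of a browser tab (not Apple’s or WebKit’s code) with two history stores: the per-tab back/forward list, which pushState and replaceState must update for the Back button to keep working, and the persisted global history that Private Browsing is supposed to leave untouched. The `fixed` flag and the sample URLs are assumptions for the demonstration; the pre-fix branch mirrors the advisory’s description that state-change visits bypassed the Private Browsing check.

```javascript
// Toy model of a browser tab with session (back/forward) and global
// (persisted) history. Not real WebKit code; the "fixed" flag is assumed.
function createTab({ privateBrowsing, fixed }) {
  const session = []; // per-tab back/forward entries
  const global = [];  // persisted "visited pages" record

  // The persisted record must never be written while Private Browsing is on.
  const persist = (url) => { if (!privateBrowsing) global.push(url); };

  return {
    // Full navigation (typed URL, followed link): checked Private Browsing
    // correctly both before and after the fix.
    navigate(url) { session.push(url); persist(url); },
    // history.pushState: new session entry without a page load. Pre-fix
    // build wrote the visit to global history unconditionally.
    pushState(url) {
      session.push(url);
      if (fixed) persist(url); else global.push(url);
    },
    // history.replaceState: rewrites the current session entry; same bug.
    replaceState(url) {
      session[session.length - 1] = url;
      if (fixed) persist(url); else global.push(url);
    },
    session,
    global,
  };
}

// Drive a single-page app through the same sequence in Private Browsing on
// the buggy and the fixed build and return both history stores.
// (Constructed sample URLs under the reserved example.test domain.)
function simulate(fixed) {
  const tab = createTab({ privateBrowsing: true, fixed });
  tab.navigate('https://example.test/app');
  tab.pushState('https://example.test/app/inbox');
  tab.replaceState('https://example.test/app/inbox?folder=drafts');
  tab.pushState('https://example.test/app/settings');
  return { session: tab.session.slice(), global: tab.global.slice() };
}

// Buggy build leaks the three state-change URLs into global history;
// fixed build records nothing while keeping the back/forward list intact.
console.log('buggy global history:', simulate(false).global);
console.log('fixed global history:', simulate(true).global);
console.log('fixed session history:', simulate(true).session);
```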

New Features

Besides support for the new iPad with the retina display, iOS 5.1 adds the following notable new features:

  • Images can now be removed manually from the Photo Stream in iCloud. Any photos deleted are now also removed from other iOS devices connected to iCloud.
  • Genius now available with iTunes Match.
  • Improved Location Services.
  • Support for Siri in Japanese.
  • New Lock screen camera button – you no longer have to double-tap the Home button; just swipe up to access the Camera app.
  • App Store download limit over 3G increased from 20 megabytes to 50 megabytes.
  • Face detection in Camera app now tags faces with green boxes.