Serious Security Flaws Fixed In iOS 5.1.1

Apple has released an update to iOS which addressed three serious security flaws that could be used to exploit iPhones and iPads.

iOS 5.1.1 also introduces a number of more minor bug fixes, but has been described by Sophos as “more than just a cosmetic fix.”

Recommended Update

According to Apple, one of the three security problems was a URL spoofing issue which existed in Safari. “This could be used in a malicious web site to direct the user to a spoofed site that visually appeared to be a legitimate domain,” said Apple. “This issue does not affect OS X systems.” If exploited, this vulnerability could be used by scammers, phishers and malware users to create fake sites which pretended to be real.

Another issue that existed in Safari was a bug that could allow a malicious website to execute a cross-site scripting attack. This meant that one site could be able to read cookies set by another and could be able to recover session authentic data and impersonate users online.

The third serious security concern was that “visiting a maliciously crafted website may lead to an unexpected application termination or arbitrary code execution.” This could allow cybercriminals to sneak malware onto a device without the user’s consent.

The update also features a number of other alterations, such as improving the reliability of the HDR option for photos taken using the lock screen shortcut and better syncing of Safari bookmarks and reading lists.

New iPad users can now switch between 2G and 3G networks without any problems and the issue where an ‘unable to purchase’ alert was displayed despite a successful purchase has been rectified, as has an AirPlay video playback bug.

How closely have you been following the evolution of the iPhone? Find out with our quiz?