MAAS History
Archives
« iOS 5 and Carrier IQ Software Facts | Main | Apple Releases iTunes 10.5 with iCloud »
Thursday
Nov102011

iOS 5.0.1 Released 

DateThursday, November 10, 2011 at 04:28PM

Apple has released iOS 5.0.1 to address an array of concerns including the battery life issue reported by some users.

This update also fixes the unsigned code access to Standard Data Management and Frameworks demonstrated by  (Charlie Miller). His discovery exposed a weakness in Apple's code approval process. There is NO THREAT to the general user population.

The logic error discovered by   took advantage of failures in mmap system calls checking of flags. This allowed any application to execute code at a level similar to Mobile Safari. Malicious Applications could use objects/classes such as NSURL, NSURLRequest, NSURLConnection and NSXMLParser to fetch additional code to execute in memory from a remote source. 

This opened a possible pathway in which a malicious actor can execute unsigned code or possibly launch a more complex exploit. Charlie Miller's application represents no threat to any user. However malicious actors have the capability and technical knowledge to duplicate his findings very easily. 

Users should update their version of iOS immediately on compatible devices.

AuthorSean OConnell Public | CommentPost a Comment | Reference4 References |
in , , , ,

PrintView Printer Friendly Version

EmailEmail Article to Friend

References (4)

References allow you to track sources for this article, as well as articles that were written in response to this article.

Reader Comments

There are no comments for this journal entry. To create a new comment, use the form below.
Member Account Required
You must have a member account on this website in order to post comments. Log in to your account to enable posting.