With Apple getting more play in the automation sector either through its smartphone or its iPad, it it is worth reporting the company just released iOS 5.0.1 – an update to October’s publication of iOS 5.0 for iPhones and iPads.
The update includes fixes for two major security holes discovered since the release. One researcher revealed he was able to run unsigned code on Apple’s devices by exploiting a flaw in versions of iOS 4.3 and later.
That flaw, a logic error in the kernel’s mmap system call and its checking of flags, is now fine. Exploitation of the flaw could allow an attacker to inject unsigned code into a maliciously crafted signed application, bypassing many of Apple’s security restrictions.
The problem with the iPad 2’s Smart Cover and iOS 5.0 which could allow an attacker to bypass the passcode lock. Among the other issues resolved in the update are two flaws which said to “lead to the disclosure of sensitive information”: One in CFNetwork’s handling of URLs and the other in the handling of DNS lookups. Apple also configured the default trust system for certificates to no longer trust DigiCert Malaysia’s certificates after they discovered they were weak and incorrectly formed.
The iOS update also addresses a number of non-security issues including fixing bugs which reduced battery life.
The update is also the first iOS update to be available OTA (Over The Air). iPhone and iPad users with iOS 5.0 on their device can select Settings ➤ General ➤ Software Update and follow the instructions there. They can also use iTunes on their desktop computer to install the update when they synchronize the device, as can users who have not yet installed iOS 5.