Apple fixed dozens of security vulnerabilities in iOS with the release of version 6.1, including a serious flaw in the kernel and a number of bugs in the WebKit framework.
In addition, the company revoked trust in the bad TurkTrust certificates discovered late last year.
One of the key vulnerabilities fixed in iOS 6.1 is in the operating system’s kernel, and it could enable an attacker to access kernel memory. Mark Dowd of Azimuth Security was the first to find the vulnerability.
“The iOS kernel has checks to validate that the user-mode pointer and length passed to the copyin and copyout functions would not result in a user-mode process being able to directly access kernel memory,” said the Apple advisory. “The checks were not being used if the length was smaller than one page. This issue was addressed through additional validation of the arguments to copyin and copyout.”
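A simplified user-space model of the check the advisory describes, added here as an illustration and not Apple's kernel code. The 32-bit address split, the page size and all function names are assumptions made for the example.

```c
#include <stdbool.h>
#include <stdint.h>
#include <stdio.h>

/* Assumed layout for this model only: kernel space starts at MODEL_KERNEL_BASE. */
#define MODEL_PAGE_SIZE   4096u
#define MODEL_KERNEL_BASE 0x80000000u

/* Full check: [addr, addr+len) must not wrap and must end at or below the kernel base. */
static bool range_is_user(uint32_t addr, uint32_t len)
{
    if (len > UINT32_MAX - addr)          /* addr + len would overflow */
        return false;
    return addr + len <= MODEL_KERNEL_BASE;
}

/* Models the defect in the advisory: no validation when len is under one page. */
bool copy_allowed_flawed(uint32_t addr, uint32_t len)
{
    if (len < MODEL_PAGE_SIZE)
        return true;                      /* BUG: small requests bypass the check */
    return range_is_user(addr, len);
}

/* Models the fix: every request is validated, whatever its length. */
bool copy_allowed_fixed(uint32_t addr, uint32_t len)
{
    return range_is_user(addr, len);
}

int main(void)
{
    /* Constructed test requests (address, length); none come from the advisory. */
    static const struct { uint32_t addr, len; const char *what; } cases[] = {
        { 0x00010000u, 64u,   "small copy, user range"      },
        { 0x80001000u, 16u,   "small copy, kernel range"    },
        { 0x7FFFFFF0u, 32u,   "small copy, straddles split" },
        { 0xFFFFFFF0u, 32u,   "small copy, wraps around"    },
        { 0x80001000u, 8192u, "large copy, kernel range"    },
    };
    for (size_t i = 0; i < sizeof cases / sizeof cases[0]; i++)
        printf("%-28s flawed=%d fixed=%d\n", cases[i].what,
               copy_allowed_flawed(cases[i].addr, cases[i].len),
               copy_allowed_fixed(cases[i].addr, cases[i].len));
    return 0;
}
```

In the model, the flawed and fixed checks disagree only on requests shorter than one page, which is the case the advisory singles out.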
In addition to the kernel bug and the revocation of trust in the TurkTrust certificates, Apple also patched more than 20 flaws in the WebKit framework. The majority of those vulnerabilities are memory-corruption bugs, but iOS 6.1 also includes patches for two cross-site scripting flaws. Many of the WebKit vulnerabilities came from the Google Chrome security team.