1. Akshay Masand


    After the release of Apple’s iOS 5.1.1 update for the iPhone, iPad, and iPod Touch, the Cupertino, California company finally decided to update its support webpage regarding the new software’s security tweaks, which include one Safari browser fix and two WebKit fixes.

    The iOS 5.1.1 update released various bug fixes, including HDR reliability, network switching, and AirPlay video playback bugs, but it failed to specify what security tweaks had been added. The refreshed security page informs us that Apple has taken care of the previously discovered custom URL spoofing exploit and gives information about two WebKit fixes.

    The security fixes (from the updated support page) can be found below:

    iOS 5.1.1 Software Update

    Safari

    Available for: iPhone 3GS, iPhone 4, iPhone 4S, iPod touch (3rd generation) and later, iPad, iPad 2

    Impact: A maliciously crafted website may be able to spoof the address in the location bar

    Description: A URL spoofing issue existed in Safari. This could be used in a malicious web site to direct the user to a spoofed site that visually appeared to be a legitimate domain. This issue is addressed through improved URL handling. This issue does not affect OS X systems.

    CVE-ID

    CVE-2012-0674 : David Vieira-Kurz of MajorSecurity (majorsecurity.net)

    WebKit

    Available for: iPhone 3GS, iPhone 4, iPhone 4S, iPod touch (3rd generation) and later, iPad, iPad 2

    Impact: Visiting a maliciously crafted website may lead to a cross-site scripting attack

    Description: Multiple cross-site scripting issues existed in WebKit.

    CVE-ID

    CVE-2011-3046 : Sergey Glazunov working with Google's Pwnium contest

    CVE-2011-3056 : Sergey Glazunov

    WebKit

    Available for: iPhone 3GS, iPhone 4, iPhone 4S, iPod touch (3rd generation) and later, iPad, iPad 2

    Impact: Visiting a maliciously crafted website may lead to an unexpected application termination or arbitrary code execution

    Description: A memory corruption issue existed in WebKit.

    CVE-ID

    CVE-2012-0672 : Adam Barth and Abhishek Arya of the Google Chrome Security Team

    As mentioned previously, MuscleNerd tweeted that jailbreakers should stay away from the new update – so if you want to keep a jailbroken iOS device, following MuscleNerd’s advice is probably a good idea.

    Source: Apple
    Last edited by Akshay Masand; 2012-05-08 at 11:44 AM.

    Twitter: @AkshayMasand
    2012-05-08 11:39 AM
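Added here as an example that is not part of the article or of Apple's page: a small Python parser for the layout of the security note quoted above (component name, then "Available for", "Impact", "Description", then a "CVE-ID" label and one "CVE-YYYY-NNNN : credit" line per fix). Parsing the note into records lets a patch tracker collapse the two separate WebKit blocks into one CVE list per component; the constant and function names are my own, and the sample text is a constructed copy of the entries above.

```python
import re
# Constructed sample in the layout of the iOS 5.1.1 note quoted above (CVE-ID lines as in that note).
ADVISORY = """iOS 5.1.1 Software Update
Safari
Available for: iPhone 3GS, iPhone 4, iPhone 4S, iPod touch (3rd generation) and later, iPad, iPad 2
Impact: A maliciously crafted website may be able to spoof the address in the location bar
Description: A URL spoofing issue existed in Safari. This issue does not affect OS X systems.
CVE-ID
CVE-2012-0674 : David Vieira-Kurz of MajorSecurity (majorsecurity.net)
WebKit
Available for: iPhone 3GS, iPhone 4, iPhone 4S, iPod touch (3rd generation) and later, iPad, iPad 2
Impact: Visiting a maliciously crafted website may lead to a cross-site scripting attack
Description: Multiple cross-site scripting issues existed in WebKit.
CVE-ID
CVE-2011-3046 : Sergey Glazunov working with Google's Pwnium contest
CVE-2011-3056 : Sergey Glazunov
WebKit
Available for: iPhone 3GS, iPhone 4, iPhone 4S, iPod touch (3rd generation) and later, iPad, iPad 2
Impact: Visiting a maliciously crafted website may lead to an unexpected application termination or arbitrary code execution
Description: A memory corruption issue existed in WebKit.
CVE-ID
CVE-2012-0672 : Adam Barth and Abhishek Arya of the Google Chrome Security Team
"""
CVE_LINE = re.compile(r"^(CVE-\d{4}-\d{4,})\s*:\s*(.*)$")      # "CVE-YYYY-NNNN : credit"
FIELDS = {"Available for": "available_for", "Impact": "impact", "Description": "description"}

def parse_advisory(text):
    title, entries, cur = None, [], None
    for raw in text.splitlines():
        line = raw.strip()
        m = CVE_LINE.match(line)
        field, sep, value = line.partition(":")
        if not line or line == "CVE-ID":        # blank lines and the "CVE-ID" label carry no data
            continue
        if title is None:                       # first non-empty line names the update
            title = line
        elif m and cur is not None:             # one fixed CVE with its reporter credit
            cur["cves"].append({"id": m.group(1), "credit": m.group(2)})
        elif sep and field in FIELDS and cur is not None:
            cur[FIELDS[field]] = value.strip()  # "Available for" / "Impact" / "Description"
        else:                                   # any other line opens a new component block
            cur = {"component": line, "cves": []}
            entries.append(cur)
    return {"title": title, "entries": entries}

def cves_by_component(parsed):
    out = {}                                    # WebKit has two blocks; merge them into one list
    for e in parsed["entries"]:
        out.setdefault(e["component"], []).extend(c["id"] for c in e["cves"])
    return out
```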
  2. dstorrents
    (A BIG "IF") - IF the 5.1.1 release patches exploits that were possibly being saved for an iOS 6 release, why not release the hopefully completed 5.1 JB (tethered OR untethered) so that some of us who are trapped in 5.1 can see some freedom.

    Sincerely,
    An iPad 3 owner who is stuck with a locked device (shipped with 5.1)
    2012-05-08 12:23 PM
  3. PoEtikly
    Quick question, a bit off topic, but in another thread somebody was asking about their camera icon not being themed in 5.1.1. Does the 5.1 tethered jb work for 5.1.1 as well? And also, what exactly are these security updates fixing? I read the article but I guess I'm not sure what issues it fixed. Was there a virus or something that was using what seemed like legit domains to inject a virus on the iDevice?
    2012-05-08 12:57 PM
  4. thekirbylover
    > Impact: Visiting a maliciously crafted website may lead to an unexpected application termination or arbitrary code execution

    Possible hole for a future JailbreakMe? Too bad it was patched.

    > Does the 5.1 tethered jb work for 5.1.1 as well?

    A4 devices are vulnerable to limera1n, so they always have at least a tethered jailbreak.
    2012-05-08 01:20 PM
  5. JordanV
    About the iPhone's stupid battery, when will we have an update?
    2012-05-08 01:42 PM
  6. spooneditr
    > (A BIG "IF") - IF the 5.1.1 release patches exploits that were possibly being saved for an iOS 6 release, why not release the hopefully completed 5.1 JB (tethered OR untethered) so that some of us who are trapped in 5.1 can see some freedom.
    >
    > Sincerely,
    > An iPad 3 owner who is stuck with a locked device (shipped with 5.1)

    I 2nd this comment.


    Your mom has "spirit" but I used my "pwnage tool" on her all night long and "ultrasn0wed" all over her. haha
    2012-05-08 01:48 PM
  7. chrispsevdas
    > Possible hole for a future JailbreakMe? Too bad it was patched.
    >
    > A4 devices are vulnerable to limera1n, so they always have at least a tethered jailbreak.

    If Apple has patched a hole in Safari in iOS 5.1, isn't it possible for a hacker to use this hole to jailbreak iOS 5.1?
    2012-05-08 02:08 PM
  8. Nichonico
    > (A BIG "IF") - IF the 5.1.1 release patches exploits that were possibly being saved for an iOS 6 release, why not release the hopefully completed 5.1 JB (tethered OR untethered) so that some of us who are trapped in 5.1 can see some freedom.
    >
    > Sincerely,
    > An iPad 3 owner who is stuck with a locked device (shipped with 5.1)

    Let's just save the exploits until iOS 6. iPhone 4S had to wait at least 8 months, so you can be patient too.
    2012-05-08 02:47 PM
  9. idkanymore
    > Let's just save the exploits until iOS 6. iPhone 4S had to wait at least 8 months, so you can be patient too.

    Seems you didn't understand. It's no longer an exploit for iOS 6, not even 5.1.1 for that matter. So providing a 5.1 jailbreak would lose nothing. Just because I had to wait 8 months for a jailbreak doesn't mean everyone should now...
    2012-05-08 05:32 PM
  10. nealh
    > Seems you didn't understand. It's no longer an exploit for iOS 6, not even 5.1.1 for that matter. So providing a 5.1 jailbreak would lose nothing. Just because I had to wait 8 months for a jailbreak doesn't mean everyone should now...

    We did not wait 8 mo for a 4S JB. The 4S came out in October 2011; we waited till Jan/Feb 2012.
    2012-05-08 06:08 PM
  11. idkanymore
    > We did not wait 8 mo for a 4S JB. The 4S came out in October 2011; we waited till Jan/Feb 2012.

    It didn't sound right but I was just working off his logic. Point is that everyone shouldn't wait just because other people had to.
    2012-05-08 06:16 PM
  12. nealh
    > It didn't sound right but I was just working off his logic. Point is that everyone shouldn't wait just because other people had to.

    +1000000
    2012-05-08 07:02 PM
  13. emerica6708
    > Seems you didn't understand. It's no longer an exploit for iOS 6, not even 5.1.1 for that matter. So providing a 5.1 jailbreak would lose nothing. Just because I had to wait 8 months for a jailbreak doesn't mean everyone should now...

    There is nothing in here about the Dev Team's exploits being patched. This patched some vulnerable spots in Safari; nobody said those are the exploits the Dev Team was using. Plus they had, I believe, six exploits and they only patched three things, so at worst there are still three exploits Apple hasn't touched, and that's IF these were what the Dev Team had, which I doubt.
    2012-05-08 07:51 PM
  14. i113
    It probably fixed the URL spoofer, which would let a hacker make Safari look like it was at wellsfargo.com when it's really just his site, and steals your log-on and pw.

    I don't see how a URL spoofer could have produced a jb anyway.
    2012-05-08 08:25 PM
  15. s0ulp1xel
    Let me rephrase "Security" to "Jailbreak Patches".
    2012-05-09 01:28 PM
  16. kooris
    I believe that none of these affect jailbreaking exploits, and most of you don't know what you're talking about. It only affects userland, and only WebKit, as far as I can see. You're barking up the wrong tree.

    Also, if they don't release those exploits, Apple won't and can't know which they are and cannot patch these exploits. pod2g and his team aren't dumb.
    2012-05-10 06:22 AM