Security & Privacy

Apple Releases iOS 5.0.1 With Several Security Fixes; First OTA Update for iOS

Posted on November 10th, 2011 by

Apple has just released iOS 5.0.1, for the iPhone, iPad and iPod touch. In addition to several bug fixes and improvements (notably concerning battery life for iOS devices), this update contains several security fixes. Some of these fixes involve network access, fonts, kernel issues and the passcode lock, but one is worth noting.

Impact: An application may execute unsigned code
Description: A logic error existed in the mmap system call’s checking of valid flag combinations. This issue may lead to a bypass of codesigning checks. This issue does not affect devices running iOS prior to version 4.3.

This is the bug that security researcher Charlie Miller unearthed just a few days ago, that we reported on here. While it may seem that Apple reacted quickly, patching this bug in just a couple of days, Miller had stated that he had informed Apple about the bug before they removed his program from the App Store. Full information about the security content of this update is available here.

This is the first iOS update available by “over the air,” or OTA, updating. You can get the update by connecting your device to iTunes, as in the past, or you can go to Settings > General > Software Update. Your device will show you information about the new update, and you can tap Download and Install to install it directly. One big advantage to this type of update is that the updates are incremental; instead of some 500 MB for a full iOS download, this update shows as around 40 MB, on our iPad and iPod touch, and 45 MB for iPhones.