Security & Privacy

Apple has released iOS version 6.1 with an 86.7 MB software update containing more than a handful of bug fixes and other improvements. Available for the iPad 2 and later, iPhone 3GS and later, and iPod touch (4th generation) and later, this update includes several feature improvements in addition to product security:

• LTE support for more carriers
• Allows US customers to purchase movie tickets through Fandango with Siri
• Lets iTunes Match subscribers download individual songs from iCloud
• Includes a new button to reset the Advertising Identifier.

Apple’s first major iOS 6.1 update has many iOS users speculating about its impact on the untethered jailbreak that’s supposedly being tested. The Mac Observer reports that a member of the jailbreak team said users won’t have to wait very long, suggesting that we may see a jailbreak option become available as soon as February.

While the feature improvements are being considered by some as a relatively minor update, iOS 6.1 includes bug fixes galore. iOS 6.1 covers a total of 27 CVEs, resolving a broad range of security issues.

Apple’s software update includes the following bug fixes:

CVE-2013-0963: Authentication relying on certificate-based Apple ID authentication may be bypassed

Description: An error handling issue existed in Identity Services. If the user’s AppleID certificate failed to validate, the user’s AppleID was assumed to be the empty string. If multiple systems belonging to different users enter this state, applications relying on this identity determination may erroneously extend trust. This issue was addressed by ensuring that NULL is returned instead of an empty string.

CVE-2011-3058: Visiting a maliciously crafted website may lead to a cross-site scripting attack

Description: A canonicalization issue existed in the handling of the EUC-JP encoding, which could lead to a cross-site scripting attack on EUC-JP encoded websites. This issue was addressed by updating the EUC-JP mapping table.

CVE-2013-0964:  A user-mode process may be able to access the first page of kernel memory

Description: The iOS kernel has checks to validate that the user-mode pointer and length passed to the copyin and copyout functions would not result in a user-mode process being able to directly access kernel memory. The checks were not being used if the length was smaller than one page. This issue was addressed through additional validation of the arguments to copyin and copyout.

CVE-2013-0974:  JavaScript may be enabled in Mobile Safari without user interaction

Description: If a user disabled JavaScript in Safari Preferences, visiting a site which displayed a Smart App Banner would re-enable JavaScript without warning the user. This issue was addressed by not enabling JavaScript when visiting a site with a Smart App Banner.

CVE-2012-2857, CVE-2012-3606, CVE-2012-3607, CVE-2012-3621, CVE-2012-3632, CVE-2012-3687, CVE-2012-3701, CVE-2013-0948, CVE-2013-0949, CVE-2013-0950, CVE-2013-0951, CVE-2013-0952, CVE-2013-0953, CVE-2013-0954, CVE-2013-0955, CVE-2013-0956, CVE-2012-2824, CVE-2013-0958, CVE-2013-0959, CVE-2013-0968: Visiting a maliciously crafted website may lead to an unexpected application termination or arbitrary code execution

Description: Multiple memory corruption issues existed in WebKit. These issues were addressed through improved memory handling.

CVE-2013-0962: Copying and pasting content on a malicious website may lead to a cross-site scripting attack

Description: A cross-site scripting issue existed in the handling of content pasted from a different origin. This issue was addressed through additional validation of pasted content.

CVE-2012-2889: Visiting a maliciously crafted website may lead to a cross-site scripting attack

Description: A cross-site scripting issue existed in the handling of frame elements. This issue was addressed through improved origin tracking.

CVE-2012-2619: A remote attacker on the same WiFi network may be able to temporarily disable WiFi

Description: An out of bounds read issue exists in Broadcom’s BCM4325 and BCM4329 firmware’s handling of 802.11i information elements. This issue was addressed through additional validation of 802.11i information elements.

Apple iOS users can download the available update in iTunes or through your device via Settings (General > Software Update).