Apple patches Google 'Pwnium' bug with iOS 5.1.1 update

Deals with iPad connectivity problem, AirPlay video playback issues

Apple today shipped iOS 5.1.1 for iPhone, iPad and iPod Touch owners, an update that dealt with connectivity issues on the tablet, fixed bugs in AirPlay's video playback and patched four vulnerabilities in the mobile operating system.

Of the four security flaws Apple addressed, one came out of Google's "Pwnium" hacking contest where the search giant put $1 million on the line.

One of the four was pegged as critical by Apple. The company does not actually rank the flaws it fixes, as do rivals Microsoft and Adobe, but the phrasing it uses in its advisory -- "arbitrary code execution" -- describes the kind of bugs that could be used by attackers to plant malware on a Mac.

Not surprisingly, all four patched vulnerabilities were located in either Safari, iOS's default browser, or WebKit, the open-source rendering engine that powers Safari.

Safari and WebKit bugs often account for the majority of patches in iOS' updates.

One of the two cross-site scripting (XSS) vulnerabilities addressed in WebKit first surfaced two months ago when independent researcher Sergey Glazunov paired that flaw with another to grab a $60,000 prize from Google at the company's first-annual Pwnium hacking challenge.

Google patched Glazunov's XSS bug in Chrome on March 8, less than 24 hours after he had demonstrated an exploit at Pwnium.

Chrome, like Safari, relies on WebKit.

Apple has not yet fixed Glazunov's XSS vulnerability in the desktop version of Safari that runs on OS X.

Glazunov also received credit for reporting another WebKit flaw, as did a pair of researchers on the Chrome security team who found a critical memory corruption bug in the engine.

Along with the patches for Safari and WebKit, Apple also included several non-security bug fixes in iOS 5.1.1. As is usual for Apple, the descriptions of those non-security fixes were skimpy.

iOS 5.1.1 patches four vulnerabilities and includes fixes for a quintet of other problems Apple disclosed.

According to the bare-bones list, iOS 5.1.1 addressed bugs that could prevent the new iPad from switching between 2G and 3G networks, fixed unspecified problems in AirPlay's video playback, improved the reliability of Safari bookmark synchronization, dealt with an issue that displays a spurious alert after a successful App Store or iTunes purchase, and enhanced the reliability of high-definition photo taking.

iOS users can update their devices by connecting to a Windows PC or Mac equipped with iTunes, or by using the operating system's over-the-air update mechanism. For the latter, users must select the "Settings" app on an iPhone, iPad or iPod Touch, then touch "General" and finally "Software Update."

iOS 5.1.1 is the first update for Apple's mobile operating system since early March when the company launched the new iPad.

Gregg Keizer covers Microsoft, security issues, Apple, Web browsers and general technology breaking news for Computerworld. Follow Gregg on Twitter at @gkeizer, on Google+ or subscribe to Gregg's RSS feed. His email address is gkeizer@computerworld.com.
