Apple patches Google 'Pwnium' bug with iOS 5.1.1 update
Deals with iPad connectivity problem, AirPlay video playback issues
Apple today shipped iOS 5.1.1 for iPhone, iPad and iPod Touch owners that dealt with connectivity issues on the tablet, fixed bugs in AirPlay's video playback and patched four vulnerabilities in the mobile operating system.
Of the four security flaws Apple addressed, one came out of Google's "Pwnium" hacking contest where the search giant put $1 million on the line.
One of the four was pegged as critical by Apple. The company does not actually rank the flaws it fixes, as do rivals Microsoft and Adobe, but the phrasing it uses in its advisory -- "arbitrary code execution" -- describes the kind of bugs that could be used by attackers to plant malware on a Mac.
Not surprisingly, all four patched vulnerabilities were located in either Safari, iOS's default browser, or WebKit, the open-source rendering engine that powers Safari.
Safari and WebKit bugs often account for the majority of patches in iOS' updates.
One of the two cross-site scripting (XSS) vulnerabilities addressed in WebKit first surfaced two months ago when independent researcher Sergey Glazunov paired that flaw with another to grab a $60,000 prize from Google at the company's first-annual Pwnium hacking challenge.
Google patched Glazunov's XSS bug in Chrome on March 8, less than 24 hours after he had demonstrated an exploit at Pwnium.
Chrome, like Safari, relies on WebKit.
Apple has not yet fixed Glazunov's XSS vulnerability in the desktop version of Safari that runs on OS X.
Glazunov also received credit for reporting another WebKit flaw, as did a pair of researchers on the Chrome security team who found a critical memory corruption bug in the engine.
Along with the patches for Safari and WebKit, Apple also included several non-security bug fixes in iOS 5.1.1. As is its usual for Apple, the descriptions of those non-security fixes were skimpy.
According to the bare-bones list, iOS 5.1.1 addressed bugs that could prevent the new iPad from switching between 2G and 3G networks, fixed unspecified problems in AirPlay's video playback, improved the reliability of Safari bookmark synchronization, dealt with an issue that displays a spurious alert after a successful App Store or iTunes purchase, and enhanced the reliability of high-definition photo taking.
iOS users can update their devices by connecting to a Windows PC or Mac equipped with iTunes, or by using the operating system's over-the-air update mechanism. For the latter, users must select the "Settings" app on an iPhone, iPad or iPod Touch, then touch "General" and finally "Software Update."
iOS 5.1.1 is the first update for Apple's mobile operating system since early March when the company launched the new iPad.
Gregg Keizer covers Microsoft, security issues, Apple, Web browsers and general technology breaking news for Computerworld. Follow Gregg on Twitter at @gkeizer, on Google+ or subscribe to Gregg's RSS feed . His email address is email@example.com.
- Apple to fix iOS 7 crash bug
- Apple rang up $10B in app sales in 2013
- Balky browsers tick off tablet owners
- iPhone, iPad dwarf mobile rivals in small- and mid-sized firms
- iOS 7 now powers 3 out of 4 Apple devices
- How to fix iOS 7 glitches
- After a week, iOS 7 runs more than half of Apple's mobile devices
- First look: The new iPhone 5S impresses
- iOS 7 off to speedy adoption start
- Amazon redesigns Kindle app for iOS 7, adds Collections
- 15 Non-Certified IT Skills Growing in Demand
- How 19 Tech Titans Target Healthcare
- Twitter Suffering From Growing Pains (and Facebook Comparisons)
- Agile Comes to Data Integration
- Slideshow: 7 security mistakes people make with their mobile device
- iOS vs. Android: Which is more secure?
- 11 sure signs you've been hacked
- Pay-as-you-Grow Data Protection: IBM Tivoli's Full-featured Data Protection Suite for Small to Medium Businesses IBM Tivoli Storage Manager Suite for Unified Recovery gives small and medium businesses the opportunity to start out with only the individual solutions...
- Streamline Data Protection with IBM Tivoli Storage Manager Operations Center IBM Tivoli Storage Manager (TSM) has been an industry-standard data protection solution for two decades. But, where most competitors focus exclusively on Backup...
- Simplify and Consolidate Data Protection for Better Business Results Learn about IBM® Tivoli® Storage Manager Operations Center, which provides advanced visualization, built-in analytics and integrated workflow automation features that leapfrog traditional backup...
- HP HAVEn: See the big picture in Big Data HP HAVEn is the industry's first comprehensive, scalable, open, and secure platform for Big Data. Enterprises are drowning in a sea of data...
- Meg Whitman presents Unlocking IT with Big Data During this Web Event you will hear Meg Whitman, President and CEO, HP discuss HAVEn - the #1 Big Data platform, as well...
- The New Way to Work Knowledge Vault This Knowledge Vault focuses on how, in today's increasingly virtual world, it's more important than ever to engage deeply with employees, suppliers, partners,... All iOS White Papers | Webcasts