Apple patches Google 'Pwnium' bug with iOS 5.1.1 update
Deals with iPad connectivity problem, AirPlay video playback issues
Apple today shipped iOS 5.1.1 for iPhone, iPad and iPod Touch owners that dealt with connectivity issues on the tablet, fixed bugs in AirPlay's video playback and patched four vulnerabilities in the mobile operating system.
Of the four security flaws Apple addressed, one came out of Google's "Pwnium" hacking contest where the search giant put $1 million on the line.
One of the four was pegged as critical by Apple. The company does not actually rank the flaws it fixes, as do rivals Microsoft and Adobe, but the phrasing it uses in its advisory -- "arbitrary code execution" -- describes the kind of bugs that could be used by attackers to plant malware on a Mac.
Not surprisingly, all four patched vulnerabilities were located in either Safari, iOS's default browser, or WebKit, the open-source rendering engine that powers Safari.
Safari and WebKit bugs often account for the majority of patches in iOS' updates.
One of the two cross-site scripting (XSS) vulnerabilities addressed in WebKit first surfaced two months ago when independent researcher Sergey Glazunov paired that flaw with another to grab a $60,000 prize from Google at the company's first-annual Pwnium hacking challenge.
Google patched Glazunov's XSS bug in Chrome on March 8, less than 24 hours after he had demonstrated an exploit at Pwnium.
Chrome, like Safari, relies on WebKit.
Apple has not yet fixed Glazunov's XSS vulnerability in the desktop version of Safari that runs on OS X.
Glazunov also received credit for reporting another WebKit flaw, as did a pair of researchers on the Chrome security team who found a critical memory corruption bug in the engine.
Along with the patches for Safari and WebKit, Apple also included several non-security bug fixes in iOS 5.1.1. As is its usual for Apple, the descriptions of those non-security fixes were skimpy.
According to the bare-bones list, iOS 5.1.1 addressed bugs that could prevent the new iPad from switching between 2G and 3G networks, fixed unspecified problems in AirPlay's video playback, improved the reliability of Safari bookmark synchronization, dealt with an issue that displays a spurious alert after a successful App Store or iTunes purchase, and enhanced the reliability of high-definition photo taking.
iOS users can update their devices by connecting to a Windows PC or Mac equipped with iTunes, or by using the operating system's over-the-air update mechanism. For the latter, users must select the "Settings" app on an iPhone, iPad or iPod Touch, then touch "General" and finally "Software Update."
iOS 5.1.1 is the first update for Apple's mobile operating system since early March when the company launched the new iPad.
Gregg Keizer covers Microsoft, security issues, Apple, Web browsers and general technology breaking news for Computerworld. Follow Gregg on Twitter at @gkeizer, on Google+ or subscribe to Gregg's RSS feed . His email address is firstname.lastname@example.org.
- Carmakers put Apple's CarPlay in the slow lane
- Timeline: How Apple's iOS gained enterprise cred
- China calls the iPhone and iOS 7 threats to national security
- Dev interest in OS X Yosemite is 4X what it was for Mavericks in '13
- The Pangu jailbreak for iOS could turn into a sinister attack
- Apple nails Health timing as fitness app usage soars
- Developer demos iPad split-screen in photos, video
- Microsoft should grab Apple's 'Handoff' for Office
- Developer discovers split screen in iOS 8 code
- Apple opens up iOS, struts Mac-iPhone-iPad integration
- Cloud Computing Drives IT and Business Agility Hybrid Cloud Accelerates Time to Value What is the main focus for IT in your organization - cost or agility? Many IT discussions today focus on cost controls rather...
- Infographic:10 Reasons to Choose vCloud Air Looking to create an agile, productive, and efficient IT environment? Read this simple infographic to learn about the benefits that VMware vCloud® Air™...
- Data Visualization Techniques: From Basics to Big Data with SAS Visual Analytics This paper discusses some of the basic issues concerning data visualization, from data size and column composition, to solving unique challenges presented by...
- 5 Hybrid Cloud Starting Points Did you know that more than 50% of organizations are already using or planning a move to hybrid cloud?
- Cloud BI in Action: Recorded Webinar of Customer, Kony, Inc. See how Kony, Inc., a leading enterprise mobility company, is using TIBCO Jaspersoft for Amazon Web Services and Redshift to achieve embedded analytics...
- Cloud BI Overview: Jaspersoft for AWS Check out this overview of Jaspersoft for AWS, to easily and affordably build business intelligence solutions as well as embed visualizations and analytics... All iOS White Papers | Webcasts