Apple patches Google 'Pwnium' bug with iOS 5.1.1 update
Deals with iPad connectivity problem, AirPlay video playback issues
Apple today shipped iOS 5.1.1 for iPhone, iPad and iPod Touch owners that dealt with connectivity issues on the tablet, fixed bugs in AirPlay's video playback and patched four vulnerabilities in the mobile operating system.
Of the four security flaws Apple addressed, one came out of Google's "Pwnium" hacking contest where the search giant put $1 million on the line.
One of the four was pegged as critical by Apple. The company does not actually rank the flaws it fixes, as do rivals Microsoft and Adobe, but the phrasing it uses in its advisory -- "arbitrary code execution" -- describes the kind of bugs that could be used by attackers to plant malware on a Mac.
Not surprisingly, all four patched vulnerabilities were located in either Safari, iOS's default browser, or WebKit, the open-source rendering engine that powers Safari.
Safari and WebKit bugs often account for the majority of patches in iOS' updates.
One of the two cross-site scripting (XSS) vulnerabilities addressed in WebKit first surfaced two months ago when independent researcher Sergey Glazunov paired that flaw with another to grab a $60,000 prize from Google at the company's first-annual Pwnium hacking challenge.
Google patched Glazunov's XSS bug in Chrome on March 8, less than 24 hours after he had demonstrated an exploit at Pwnium.
Chrome, like Safari, relies on WebKit.
Apple has not yet fixed Glazunov's XSS vulnerability in the desktop version of Safari that runs on OS X.
Glazunov also received credit for reporting another WebKit flaw, as did a pair of researchers on the Chrome security team who found a critical memory corruption bug in the engine.
Along with the patches for Safari and WebKit, Apple also included several non-security bug fixes in iOS 5.1.1. As is its usual for Apple, the descriptions of those non-security fixes were skimpy.
According to the bare-bones list, iOS 5.1.1 addressed bugs that could prevent the new iPad from switching between 2G and 3G networks, fixed unspecified problems in AirPlay's video playback, improved the reliability of Safari bookmark synchronization, dealt with an issue that displays a spurious alert after a successful App Store or iTunes purchase, and enhanced the reliability of high-definition photo taking.
iOS users can update their devices by connecting to a Windows PC or Mac equipped with iTunes, or by using the operating system's over-the-air update mechanism. For the latter, users must select the "Settings" app on an iPhone, iPad or iPod Touch, then touch "General" and finally "Software Update."
iOS 5.1.1 is the first update for Apple's mobile operating system since early March when the company launched the new iPad.
Gregg Keizer covers Microsoft, security issues, Apple, Web browsers and general technology breaking news for Computerworld. Follow Gregg on Twitter at @gkeizer, on Google+ or subscribe to Gregg's RSS feed . His email address is email@example.com.
- Heartbleed flaw affects mobile apps, too
- Microsoft gets strategic with its Enterprise Mobility Suite
- Apple slates WWDC for June 2-6, sets up ticket lottery
- Nadella to Cook on Office revenue sharing: Drop dead
- Update: Microsoft unveils Office for iPad
- iOS tops Android for Web browsing in U.S. and other developed nations
- Apple ships iOS 7.1 with CarPlay support, home screen crash fix
- Apple to fix iOS 7 crash bug
- Apple rang up $10B in app sales in 2013
- Balky browsers tick off tablet owners
- Why Projects Fail CIOs are expected to deliver more projects that transform business, and do so on time, on budget and with limited resources.
- The New Business Case for Video Conferencing: 7 Real-World Benefits Beyond Cost-Savings This whitepaper provides insight into the value of video conferencing in today's business environment, and how organizations are using visual collaboration to find...
- Gartner Magic Quadrant for Client Management Tools The client management tool market is maturing and evolving to adapt to consumerization, desktop virtualization, and an ongoing need to improve efficiency.
- Audit Ready and Asset Optimized: The Solid Promise of an Intelligent Software Asset Management Solution In this paper Frost & Sullivan examines the benefits of enterprise-grade Software Asset Management solutions, and how these solutions serve as the convergence...
- LIVE EVENT: 5/7, The End of Data Protection As We Know It. Introducing a Next Generation Data Protection Architecture. Traditional backup is going away, but where does this leave end-users?
- On-demand webinar: "Mobility Mayhem: Balancing BYOD with Enterprise Security" Check out this on-demand webinar to hear Sophos senior security expert John Shier deep dive into how BYOD impacts your enterprise security strategy... All iOS White Papers | Webcasts