About the security content of iOS 5.1 Software Update

This document describes the security content of iOS 5.1 Software Update, which can be downloaded and installed using iTunes.

For the protection of our customers, Apple does not disclose, discuss, or confirm security issues until a full investigation has occurred and any necessary patches or releases are available. To learn more about Apple Product Security, see the Apple Product Security website.

For information about the Apple Product Security PGP Key, see "How to use the Apple Product Security PGP Key."

Where possible, CVE IDs are used to reference the vulnerabilities for further information.

To learn about other Security Updates, see "Apple Security Updates".

iOS 5.1 Software Update

  • CFNetwork

    Available for: iPhone 3GS, iPhone 4, iPhone 4S, iPod touch (3rd generation) and later, iPad, iPad 2

    Impact: Visiting a maliciously crafted website may lead to the disclosure of sensitive information

    Description: An issue existed in CFNetwork's handling of malformed URLs. When accessing a maliciously crafted URL, CFNetwork could send unexpected request headers.

    CVE-ID

    CVE-2012-0641 : Erling Ellingsen of Facebook

  • HFS

    Available for: iPhone 3GS, iPhone 4, iPhone 4S, iPod touch (3rd generation) and later, iPad, iPad 2

    Impact: Mounting a maliciously crafted disk image may lead to a device shutdown or arbitrary code execution

    Description: An integer underflow existed in the handling of HFS catalog files.

    CVE-ID

    CVE-2012-0642 : pod2g

  • Kernel

    Available for: iPhone 3GS, iPhone 4, iPhone 4S, iPod touch (3rd generation) and later, iPad, iPad 2

    Impact: A malicious program could bypass sandbox restrictions

    Description: A logic issue existed in the handling of debug system calls. This may allow a malicious program to gain code execution in other programs with the same user privileges.

    CVE-ID

    CVE-2012-0643 : 2012 iOS Jailbreak Dream Team

  • libresolv

    Available for: iPhone 3GS, iPhone 4, iPhone 4S, iPod touch (3rd generation) and later, iPad, iPad 2

    Impact: Applications that use the libresolv library may be vulnerable to an unexpected application termination or arbitrary code execution

    Description: An integer overflow existed in the handling of DNS resource records, which may lead to heap memory corruption.

    CVE-ID

    CVE-2011-3453 : Ilja van Sprundel of IOActive

  • Passcode Lock

    Available for: iPhone 3GS, iPhone 4, iPhone 4S, iPod touch (3rd generation) and later, iPad, iPad 2

    Impact: A person with physical access to the device may be able to bypass the screen lock

    Description: A race condition issue existed in the handling of slide to dial gestures. This may allow a person with physical access to the device to bypass the Passcode Lock screen.

    CVE-ID

    CVE-2012-0644 : Roland Kohler of the German Federal Ministry of Economics and Technology

  • Safari

    Available for: iPhone 3GS, iPhone 4, iPhone 4S, iPod touch (3rd generation) and later, iPad, iPad 2

    Impact: Web page visits may be recorded in browser history even when Private Browsing is active

    Description: Safari’s Private Browsing is designed to prevent recording of a browsing session. Pages visited as a result of a site using the JavaScript methods pushState or replaceState were recorded in the browser history even when Private Browsing mode was active. This issue is addressed by not recording such visits when Private Browsing is active.

    CVE-ID

    CVE-2012-0585 : Eric Melville of American Express

  • Siri

    Available for: iPhone 3GS, iPhone 4, iPhone 4S, iPod touch (3rd generation) and later, iPad, iPad 2

    Impact: An attacker with physical access to a locked phone could get access to the frontmost email message

    Description: A design issue existed in Siri’s lock screen restrictions. If Siri was enabled for use on the lock screen, and Mail was open with a message selected behind the lock screen, a voice command could be used to send that message to an arbitrary recipient. This issue is addressed by disabling forwarding of active messages from the lock screen.

    CVE-ID

    CVE-2012-0645

  • VPN

    Available for: iPhone 3GS, iPhone 4, iPhone 4S, iPod touch (3rd generation) and later, iPad, iPad 2

    Impact: A maliciously crafted system configuration file may lead to arbitrary code execution with system privileges

    Description: A format string vulnerability existed in the handling of racoon configuration files.

    CVE-ID

    CVE-2012-0646 : pod2g

  • WebKit

    Available for: iPhone 3GS, iPhone 4, iPhone 4S, iPod touch (3rd generation) and later, iPad, iPad 2

    Impact: Visiting a maliciously crafted website may lead to the disclosure of cookies

    Description: A cross-origin issue existed in WebKit, which may allow cookies to be disclosed across origins.

    CVE-ID

    CVE-2011-3887 : Sergey Glazunov

  • WebKit

    Available for: iPhone 3GS, iPhone 4, iPhone 4S, iPod touch (3rd generation) and later, iPad, iPad 2

    Impact: Visiting a maliciously crafted website and dragging content with the mouse may lead to a cross-site scripting attack

    Description: A cross-origin issue existed in WebKit, which may allow content to be dragged and dropped across origins.

    CVE-ID

    CVE-2012-0590 : Adam Barth of Google Chrome Security Team

  • WebKit

    Available for: iPhone 3GS, iPhone 4, iPhone 4S, iPod touch (3rd generation) and later, iPad, iPad 2

    Impact: Visiting a maliciously crafted website may lead to a cross-site scripting attack

    Description: Multiple cross-origin issues existed in WebKit.

    CVE-ID

    CVE-2011-3881 : Sergey Glazunov

    CVE-2012-0586 : Sergey Glazunov

    CVE-2012-0587 : Sergey Glazunov

    CVE-2012-0588 : Jochen Eisinger of Google Chrome Team

    CVE-2012-0589 : Alan Austin of polyvore.com

  • WebKit

    Available for: iPhone 3GS, iPhone 4, iPhone 4S, iPod touch (3rd generation) and later, iPad, iPad 2

    Impact: Visiting a maliciously crafted website may lead to an unexpected application termination or arbitrary code execution

    Description: Multiple memory corruption issues existed in WebKit.

    CVE-ID

    CVE-2011-2825 : wushi of team509 working with TippingPoint's Zero Day Initiative

    CVE-2011-2833 : Apple

    CVE-2011-2846 : Arthur Gerkis, miaubiz

    CVE-2011-2847 : miaubiz, Abhishek Arya (Inferno) of Google Chrome Security Team using AddressSanitizer

    CVE-2011-2854 : Abhishek Arya (Inferno) of Google Chrome Security Team using AddressSanitizer

    CVE-2011-2855 : Arthur Gerkis, wushi of team509 working with iDefense VCP

    CVE-2011-2857 : miaubiz

    CVE-2011-2860 : Abhishek Arya (Inferno) of Google Chrome Security Team using AddressSanitizer

    CVE-2011-2867 : Dirk Schulze

    CVE-2011-2868 : Abhishek Arya (Inferno) of Google Chrome Security Team using AddressSanitizer

    CVE-2011-2869 : Cris Neckar of Google Chrome Security Team using AddressSanitizer

    CVE-2011-2870 : Abhishek Arya (Inferno) of Google Chrome Security Team using AddressSanitizer

    CVE-2011-2871 : Abhishek Arya (Inferno) of Google Chrome Security Team using AddressSanitizer

    CVE-2011-2872 : Abhishek Arya (Inferno) and Cris Neckar of Google Chrome Security Team using AddressSanitizer

    CVE-2011-2873 : Abhishek Arya (Inferno) of Google Chrome Security Team using AddressSanitizer

    CVE-2011-2877 : miaubiz

    CVE-2011-3885 : miaubiz

    CVE-2011-3888 : miaubiz

    CVE-2011-3897 : pa_kt working with TippingPoint's Zero Day Initiative

    CVE-2011-3908 : Aki Helin of OUSPG

    CVE-2011-3909 : Google Chrome Security Team (scarybeasts) and Chu

    CVE-2011-3928 : wushi of team509 working with TippingPoint's Zero Day Initiative

    CVE-2012-0591 : miaubiz, and Martin Barbella

    CVE-2012-0592 : Alexander Gavrun working with TippingPoint's Zero Day Initiative

    CVE-2012-0593 : Lei Zhang of the Chromium development community

    CVE-2012-0594 : Adam Klein of the Chromium development community

    CVE-2012-0595 : Apple

    CVE-2012-0596 : Abhishek Arya (Inferno) of Google Chrome Security Team using AddressSanitizer

    CVE-2012-0597 : miaubiz

    CVE-2012-0598 : Sergey Glazunov

    CVE-2012-0599 : Dmytro Gorbunov of SaveSources.com

    CVE-2012-0600 : Marshall Greenblatt, Dharani Govindan of Google Chrome, miaubiz, Aki Helin of OUSPG, Apple

    CVE-2012-0601 : Apple

    CVE-2012-0602 : Apple

    CVE-2012-0603 : Apple

    CVE-2012-0604 : Apple

    CVE-2012-0605 : Apple

    CVE-2012-0606 : Apple

    CVE-2012-0607 : Apple

    CVE-2012-0608 : Abhishek Arya (Inferno) of Google Chrome Security Team using AddressSanitizer

    CVE-2012-0609 : Abhishek Arya (Inferno) of Google Chrome Security Team using AddressSanitizer

    CVE-2012-0610 : miaubiz, Martin Barbella using AddressSanitizer

    CVE-2012-0611 : Martin Barbella using AddressSanitizer

    CVE-2012-0612 : Abhishek Arya (Inferno) of Google Chrome Security Team using AddressSanitizer

    CVE-2012-0613 : Abhishek Arya (Inferno) of Google Chrome Security Team using AddressSanitizer

    CVE-2012-0614 : miaubiz, Martin Barbella using AddressSanitizer

    CVE-2012-0615 : Martin Barbella using AddressSanitizer

    CVE-2012-0616 : miaubiz

    CVE-2012-0617 : Martin Barbella using AddressSanitizer

    CVE-2012-0618 : Abhishek Arya (Inferno) of Google Chrome Security Team using AddressSanitizer

    CVE-2012-0619 : Abhishek Arya (Inferno) of Google Chrome Security Team using AddressSanitizer

    CVE-2012-0620 : Abhishek Arya (Inferno) of Google Chrome Security Team using AddressSanitizer

    CVE-2012-0621 : Martin Barbella using AddressSanitizer

    CVE-2012-0622 : Dave Levin and Abhishek Arya of the Google Chrome Security Team

    CVE-2012-0623 : Abhishek Arya (Inferno) of Google Chrome Security Team using AddressSanitizer

    CVE-2012-0624 : Martin Barbella using AddressSanitizer

    CVE-2012-0625 : Martin Barbella

    CVE-2012-0626 : Abhishek Arya (Inferno) of Google Chrome Security Team using AddressSanitizer

    CVE-2012-0627 : Apple

    CVE-2012-0628 : Slawomir Blazek, miaubiz, Abhishek Arya (Inferno) of Google Chrome Security Team using AddressSanitizer

    CVE-2012-0629 : Abhishek Arya (Inferno) of Google Chrome Security Team

    CVE-2012-0630 : Sergio Villar Senin of Igalia

    CVE-2012-0631 : Abhishek Arya (Inferno) of Google Chrome Security Team

    CVE-2012-0632 : Cris Neckar of the Google Chrome Security Team using AddressSanitizer

    CVE-2012-0633 : Apple

    CVE-2012-0635 : Julien Chaffraix of the Chromium development community, Martin Barbella using AddressSanitizer
