About the security content of iOS 5.1.1 Software Update

This document describes the security content of iOS 5.1.1 Software Update.

iOS 5.1.1 Software Update can be downloaded and installed using iTunes.

For the protection of our customers, Apple does not disclose, discuss, or confirm security issues until a full investigation has occurred and any necessary patches or releases are available. To learn more about Apple Product Security, see the Apple Product Security website.

For information about the Apple Product Security PGP Key, see "How to use the Apple Product Security PGP Key."

Where possible, CVE IDs are used to reference the vulnerabilities for further information.

To learn about other Security Updates, see "Apple Security Updates".

iOS 5.1.1 Software Update

  • Safari

    Available for: iPhone 3GS, iPhone 4, iPhone 4S, iPod touch (3rd generation) and later, iPad, iPad 2

    Impact: A maliciously crafted website may be able to spoof the address in the location bar

    Description: A URL spoofing issue existed in Safari. This could be used in a malicious web site to direct the user to a spoofed site that visually appeared to be a legitimate domain. This issue is addressed through improved URL handling. This issue does not affect OS X systems.

    CVE-ID

    CVE-2012-0674 : David Vieira-Kurz of MajorSecurity (majorsecurity.net)

  • WebKit

    Available for: iPhone 3GS, iPhone 4, iPhone 4S, iPod touch (3rd generation) and later, iPad, iPad 2

    Impact: Visiting a maliciously crafted website may lead to a cross-site scripting attack

    Description: Multiple cross-site scripting issues existed in WebKit.

    CVE-ID

    CVE-2011-3046 : Sergey Glazunov working with Google's Pwnium contest

    CVE-2011-3056 : Sergey Glazunov

  • WebKit

    Available for: iPhone 3GS, iPhone 4, iPhone 4S, iPod touch (3rd generation) and later, iPad, iPad 2

    Impact: Visiting a maliciously crafted website may lead to an unexpected application termination or arbitrary code execution

    Description: A memory corruption issue existed in WebKit.

    CVE-ID

    CVE-2012-0672 : Adam Barth and Abhishek Arya of the Google Chrome Security Team

Information about products not manufactured by Apple, or independent websites not controlled or tested by Apple, is provided without recommendation or endorsement. Apple assumes no responsibility with regard to the selection, performance, or use of third-party websites or products. Apple makes no representations regarding third-party website accuracy or reliability. Contact the vendor for additional information.

Published Date: