This document describes the security content of iOS 5.1 Software Update, which can be downloaded and installed using iTunes.
For the protection of our customers, Apple does not disclose, discuss, or confirm security issues until a full investigation has occurred and any necessary patches or releases are available. To learn more about Apple Product Security, see the Apple Product Security website.
For information about the Apple Product Security PGP Key, see "How to use the Apple Product Security PGP Key."
Where possible, CVE IDs are used to reference the vulnerabilities for further information.
To learn about other Security Updates, see "Apple Security Updates".
iOS 5.1 Software Update

CFNetwork

Available for: iPhone 3GS, iPhone 4, iPhone 4S, iPod touch (3rd generation) and later, iPad, iPad 2

Impact: Visiting a maliciously crafted website may lead to the disclosure of sensitive information

Description: An issue existed in CFNetwork's handling of malformed URLs. When accessing a maliciously crafted URL, CFNetwork could send unexpected request headers.

CVE-ID

CVE-2012-0641 : Erling Ellingsen of Facebook

 

HFS

Available for: iPhone 3GS, iPhone 4, iPhone 4S, iPod touch (3rd generation) and later, iPad, iPad 2

Impact: Mounting a maliciously crafted disk image may lead to a device shutdown or arbitrary code execution

Description: An integer underflow existed in the handling of HFS catalog files.

CVE-ID

CVE-2012-0642 : pod2g

 

Kernel

Available for: iPhone 3GS, iPhone 4, iPhone 4S, iPod touch (3rd generation) and later, iPad, iPad 2

Impact: A malicious program could bypass sandbox restrictions

Description: A logic issue existed in the handling of debug system calls. This may allow a malicious program to gain code execution in other programs with the same user privileges.

CVE-ID

CVE-2012-0643 : 2012 iOS Jailbreak Dream Team

 

libresolv

Available for: iPhone 3GS, iPhone 4, iPhone 4S, iPod touch (3rd generation) and later, iPad, iPad 2

Impact: Applications that use the libresolv library may be vulnerable to an unexpected application termination or arbitrary code execution

Description: An integer overflow existed in the handling of DNS resource records, which may lead to heap memory corruption.

CVE-ID

CVE-2011-3453 : Ilja van Sprundel of IOActive

 

Passcode Lock

Available for: iPhone 3GS, iPhone 4, iPhone 4S, iPod touch (3rd generation) and later, iPad, iPad 2

Impact: A person with physical access to the device may be able to bypass the screen lock

Description: A race condition issue existed in the handling of slide to dial gestures. This may allow a person with physical access to the device to bypass the Passcode Lock screen.

CVE-ID

CVE-2012-0644 : Roland Kohler of the German Federal Ministry of Economics and Technology

 

Safari

Available for: iPhone 3GS, iPhone 4, iPhone 4S, iPod touch (3rd generation) and later, iPad, iPad 2

Impact: Web page visits may be recorded in browser history even when Private Browsing is active

Description: Safari’s Private Browsing is designed to prevent recording of a browsing session. Pages visited as a result of a site using the JavaScript methods pushState or replaceState were recorded in the browser history even when Private Browsing mode was active. This issue is addressed by not recording such visits when Private Browsing is active.

CVE-ID

CVE-2012-0585 : Eric Melville of American Express

 

Siri

Available for: iPhone 3GS, iPhone 4, iPhone 4S, iPod touch (3rd generation) and later, iPad, iPad 2

Impact: An attacker with physical access to a locked phone could get access to the frontmost email message

Description: A design issue existed in Siri’s lock screen restrictions. If Siri was enabled for use on the lock screen, and Mail was open with a message selected behind the lock screen, a voice command could be used to send that message to an arbitrary recipient. This issue is addressed by disabling forwarding of active messages from the lock screen.

CVE-ID

CVE-2012-0645

 

VPN

Available for: iPhone 3GS, iPhone 4, iPhone 4S, iPod touch (3rd generation) and later, iPad, iPad 2

Impact: A maliciously crafted system configuration file may lead to arbitrary code execution with system privileges

Description: A format string vulnerability existed in the handling of racoon configuration files.

CVE-ID

CVE-2012-0646 : pod2g

 

WebKit

Available for: iPhone 3GS, iPhone 4, iPhone 4S, iPod touch (3rd generation) and later, iPad, iPad 2

Impact: Visiting a maliciously crafted website may lead to the disclosure of cookies

Description: A cross-origin issue existed in WebKit, which may allow cookies to be disclosed across origins.

CVE-ID

CVE-2011-3887 : Sergey Glazunov

 

WebKit

Available for: iPhone 3GS, iPhone 4, iPhone 4S, iPod touch (3rd generation) and later, iPad, iPad 2

Impact: Visiting a maliciously crafted website and dragging content with the mouse may lead to a cross-site scripting attack

Description: A cross-origin issue existed in WebKit, which may allow content to be dragged and dropped across origins.

CVE-ID

CVE-2012-0590 : Adam Barth of Google Chrome Security Team

 

WebKit

Available for: iPhone 3GS, iPhone 4, iPhone 4S, iPod touch (3rd generation) and later, iPad, iPad 2

Impact: Visiting a maliciously crafted website may lead to a cross-site scripting attack

Description: Multiple cross-origin issues existed in WebKit.

CVE-ID

CVE-2011-3881 : Sergey Glazunov

CVE-2012-0586 : Sergey Glazunov

CVE-2012-0587 : Sergey Glazunov

CVE-2012-0588 : Jochen Eisinger of Google Chrome Team

CVE-2012-0589 : Alan Austin of polyvore.com

 

WebKit

Available for: iPhone 3GS, iPhone 4, iPhone 4S, iPod touch (3rd generation) and later, iPad, iPad 2

Impact: Visiting a maliciously crafted website may lead to an unexpected application termination or arbitrary code execution

Description: Multiple memory corruption issues existed in WebKit.

CVE-ID

CVE-2011-2825 : wushi of team509 working with TippingPoint's Zero Day Initiative

CVE-2011-2833 : Apple

CVE-2011-2846 : Arthur Gerkis, miaubiz

CVE-2011-2847 : miaubiz, Abhishek Arya (Inferno) of Google Chrome Security Team using AddressSanitizer

CVE-2011-2854 : Abhishek Arya (Inferno) of Google Chrome Security Team using AddressSanitizer

CVE-2011-2855 : Arthur Gerkis, wushi of team509 working with iDefense VCP

CVE-2011-2857 : miaubiz

CVE-2011-2860 : Abhishek Arya (Inferno) of Google Chrome Security Team using AddressSanitizer

CVE-2011-2867 : Dirk Schulze

CVE-2011-2868 : Abhishek Arya (Inferno) of Google Chrome Security Team using AddressSanitizer

CVE-2011-2869 : Cris Neckar of Google Chrome Security Team using AddressSanitizer

CVE-2011-2870 : Abhishek Arya (Inferno) of Google Chrome Security Team using AddressSanitizer

CVE-2011-2871 : Abhishek Arya (Inferno) of Google Chrome Security Team using AddressSanitizer

CVE-2011-2872 : Abhishek Arya (Inferno) and Cris Neckar of Google Chrome Security Team using AddressSanitizer

CVE-2011-2873 : Abhishek Arya (Inferno) of Google Chrome Security Team using AddressSanitizer

CVE-2011-2877 : miaubiz

CVE-2011-3885 : miaubiz

CVE-2011-3888 : miaubiz

CVE-2011-3897 : pa_kt working with TippingPoint's Zero Day Initiative

CVE-2011-3908 : Aki Helin of OUSPG

CVE-2011-3909 : Google Chrome Security Team (scarybeasts) and Chu

CVE-2011-3928 : wushi of team509 working with TippingPoint's Zero Day Initiative

CVE-2012-0591 : miaubiz, and Martin Barbella

CVE-2012-0592 : Alexander Gavrun working with TippingPoint's Zero Day Initiative

CVE-2012-0593 : Lei Zhang of the Chromium development community

CVE-2012-0594 : Adam Klein of the Chromium development community

CVE-2012-0595 : Apple

CVE-2012-0596 : Abhishek Arya (Inferno) of Google Chrome Security Team using AddressSanitizer

CVE-2012-0597 : miaubiz

CVE-2012-0598 : Sergey Glazunov

CVE-2012-0599 : Dmytro Gorbunov of SaveSources.com

CVE-2012-0600 : Marshall Greenblatt, Dharani Govindan of Google Chrome, miaubiz, Aki Helin of OUSPG, Apple

CVE-2012-0601 : Apple

CVE-2012-0602 : Apple

CVE-2012-0603 : Apple

CVE-2012-0604 : Apple

CVE-2012-0605 : Apple

CVE-2012-0606 : Apple

CVE-2012-0607 : Apple

CVE-2012-0608 : Abhishek Arya (Inferno) of Google Chrome Security Team using AddressSanitizer

CVE-2012-0609 : Abhishek Arya (Inferno) of Google Chrome Security Team using AddressSanitizer

CVE-2012-0610 : miaubiz, Martin Barbella using AddressSanitizer

CVE-2012-0611 : Martin Barbella using AddressSanitizer

CVE-2012-0612 : Abhishek Arya (Inferno) of Google Chrome Security Team using AddressSanitizer

CVE-2012-0613 : Abhishek Arya (Inferno) of Google Chrome Security Team using AddressSanitizer

CVE-2012-0614 : miaubiz, Martin Barbella using AddressSanitizer

CVE-2012-0615 : Martin Barbella using AddressSanitizer

CVE-2012-0616 : miaubiz

CVE-2012-0617 : Martin Barbella using AddressSanitizer

CVE-2012-0618 : Abhishek Arya (Inferno) of Google Chrome Security Team using AddressSanitizer

CVE-2012-0619 : Abhishek Arya (Inferno) of Google Chrome Security Team using AddressSanitizer

CVE-2012-0620 : Abhishek Arya (Inferno) of Google Chrome Security Team using AddressSanitizer

CVE-2012-0621 : Martin Barbella using AddressSanitizer

CVE-2012-0622 : Dave Levin and Abhishek Arya of the Google Chrome Security Team

CVE-2012-0623 : Abhishek Arya (Inferno) of Google Chrome Security Team using AddressSanitizer

CVE-2012-0624 : Martin Barbella using AddressSanitizer

CVE-2012-0625 : Martin Barbella

CVE-2012-0626 : Abhishek Arya (Inferno) of Google Chrome Security Team using AddressSanitizer

CVE-2012-0627 : Apple

CVE-2012-0628 : Slawomir Blazek, miaubiz, Abhishek Arya (Inferno) of Google Chrome Security Team using AddressSanitizer

CVE-2012-0629 : Abhishek Arya (Inferno) of Google Chrome Security Team

CVE-2012-0630 : Sergio Villar Senin of Igalia

CVE-2012-0631 : Abhishek Arya (Inferno) of Google Chrome Security Team

CVE-2012-0632 : Cris Neckar of the Google Chrome Security Team using AddressSanitizer

CVE-2012-0633 : Apple

CVE-2012-0635 : Julien Chaffraix of the Chromium development community, Martin Barbella using AddressSanitizer