This document describes the security content of iOS 5 Software Update, which can be downloaded and installed using iTunes.
For the protection of our customers, Apple does not disclose, discuss, or confirm security issues until a full investigation has occurred and any necessary patches or releases are available. To learn more about Apple Product Security, see the Apple Product Security website.
For information about the Apple Product Security PGP Key, see "How to use the Apple Product Security PGP Key."
Where possible, CVE IDs are used to reference the vulnerabilities for further information.
To learn about other Security Updates, see "Apple Security Updates."
iOS 5 Software Update
- 

- 

CalDAV

Available for: iOS 3.0 through 4.3.5 for iPhone 3GS and iPhone 4, iOS 3.1 through 4.3.5 for iPod touch (3rd generation) and later, iOS 3.2 through 4.3.5 for iPad

Impact: An attacker with a privileged network position may intercept user credentials or other sensitive information from a CalDAV calendar server

Description: CalDAV did not check that the SSL certificate presented by the server was trusted.

CVE-ID

CVE-2011-3253 : Leszek Tasiemski of nSense

 

- 

- 

Calendar

Available for: iOS 4.2.0 through 4.3.5 for iPhone 3GS and iPhone 4, iOS 4.2.0 through 4.3.5 for iPod touch (3rd generation) and later, iOS 4.2.0 through 4.3.5 for iPad

Impact: Viewing a maliciously crafted calendar invitation may inject script in the local domain

Description: A script injection issue existed in Calendar's handling of invitation notes. This issue is addressed through improved escaping of special characters in invitation notes. This issues does not affect devices prior to iOS 4.2.0.

CVE-ID

CVE-2011-3254 : Rick Deacon

 

- 

- 

CFNetwork

Available for: iOS 3.0 through 4.3.5 for iPhone 3GS and iPhone 4, iOS 3.1 through 4.3.5 for iPod touch (3rd generation) and later, iOS 3.2 through 4.3.5 for iPad

Impact: User's AppleID password may be logged to a local file

Description: A user's AppleID password and username were logged to a file that was readable by applications on the system. This is resolved by no longer logging these credentials.

CVE-ID

CVE-2011-3255 : Peter Quade of qdevelop

 

- 

- 

CFNetwork

Available for: iOS 3.0 through 4.3.5 for iPhone 3GS and iPhone 4, iOS 3.1 through 4.3.5 for iPod touch (3rd generation) and later, iOS 3.2 through 4.3.5 for iPad

Impact: Visiting a maliciously crafted website may lead to the disclosure of sensitive information

Description: An issue existed in CFNetwork's handling of HTTP cookies. When accessing a maliciously crafted HTTP or HTTPS URL, CFNetwork could incorrectly send the cookies for a domain to a server outside that domain.

CVE-ID

CVE-2011-3246 : Erling Ellingsen of Facebook

 

- 

- 

CoreFoundation

Available for: iOS 3.0 through 4.3.5 for iPhone 3GS and iPhone 4, iOS 3.1 through 4.3.5 for iPod touch (3rd generation) and later, iOS 3.2 through 4.3.5 for iPad

Impact: Viewing a maliciously crafted website or e-mail message may lead to an unexpected application termination or arbitrary code execution

Description: A memory corruption issue existed in CoreFoundation's handling of string tokenization.

CVE-ID

CVE-2011-0259 : Apple

 

- 

- 

CoreGraphics

Available for: iOS 3.0 through 4.3.5 for iPhone 3GS and iPhone 4, iOS 3.1 through 4.3.5 for iPod touch (3rd generation) and later, iOS 3.2 through 4.3.5 for iPad

Impact: Viewing a document containing a maliciously crafted font may lead to arbitrary code execution

Description: Multiple memory corruption existed in freetype, the most serious of which may lead to arbitrary code execution when processing a maliciously crafted font.

CVE-ID

CVE-2011-3256 : Apple

 

- 

- 

CoreMedia

Available for: iOS 3.0 through 4.3.5 for iPhone 3GS and iPhone 4, iOS 3.1 through 4.3.5 for iPod touch (3rd generation) and later, iOS 3.2 through 4.3.5 for iPad

Impact: Visiting a maliciously crafted website may lead to the disclosure of video data from another site

Description: A cross-origin issue existed in CoreMedia's handling of cross-site redirects. This issue is addressed through improved origin tracking.

CVE-ID

CVE-2011-0187 : Nirankush Panchbhai and Microsoft Vulnerability Research (MSVR)

 

- 

- 

Data Access

Available for: iOS 3.0 through 4.3.5 for iPhone 3GS and iPhone 4, iOS 3.1 through 4.3.5 for iPod touch (3rd generation) and later, iOS 3.2 through 4.3.5 for iPad

Impact: An exchange mail cookie management issue could incorrectly cause data synchronization across different accounts

Description: When multiple mail exchange accounts are configured which connect to the same server, a session could potentially receive a valid cookie corresponding to a different account. This issue is addressed by ensuring that cookies are separated across different accounts.

CVE-ID

CVE-2011-3257 : Bob Sielken of IBM

 

- 

- 

Data Security

Available for: iOS 3.0 through 4.3.5 for iPhone 3GS and iPhone 4, iOS 3.1 through 4.3.5 for iPod touch (3rd generation) and later, iOS 3.2 through 4.3.5 for iPad

Impact: An attacker with a privileged network position may intercept user credentials or other sensitive information

Description: Fraudulent certificates were issued by multiple certificate authorities operated by DigiNotar. This issue is addressed by removing DigiNotar from the list of trusted root certificates, from the list of Extended Validation (EV) certificate authorities, and by configuring default system trust settings so that DigiNotar's certificates, including those issued by other authorities, are not trusted.

 

- 

- 

Data Security

Available for: iOS 3.0 through 4.3.5 for iPhone 3GS and iPhone 4, iOS 3.1 through 4.3.5 for iPod touch (3rd generation) and later, iOS 3.2 through 4.3.5 for iPad

Impact: Support for X.509 certificates with MD5 hashes may expose users to spoofing and information disclosure as attacks improve

Description: Certificates signed using the MD5 hash algorithm were accepted by iOS. This algorithm has known cryptographic weaknesses. Further research or a misconfigured certificate authority could have allowed the creation of X.509 certificates with attacker controlled values that would have been trusted by the system. This would have exposed X.509 based protocols to spoofing, man in the middle attacks, and information disclosure. This update disables support for an X.509 certificate with an MD5 hash for any use other than as a trusted root certificate.

CVE-ID

CVE-2011-3427

 

- 

- 

Data Security

Available for: iOS 3.0 through 4.3.5 for iPhone 3GS and iPhone 4, iOS 3.1 through 4.3.5 for iPod touch (3rd generation) and later, iOS 3.2 through 4.3.5 for iPad

Impact: An attacker could decrypt part of a SSL connection

Description: Only the SSLv3 and TLS 1.0 versions of SSL were supported. These versions are subject to a protocol weakness when using block ciphers. A man-in-the-middle attacker could have injected invalid data, causing the connection to close but revealing some information about the previous data. If the same connection was attempted repeatedly the attacker may eventually have been able to decrypt the data being sent, such as a password. This issue is addressed by adding support for TLS 1.2.

CVE-ID

CVE-2011-3389

 

- 

- 

Home screen

Available for: iOS 3.0 through 4.3.5 for iPhone 3GS and iPhone 4, iOS 3.1 through 4.3.5 for iPod touch (3rd generation) and later, iOS 3.2 through 4.3.5 for iPad

Impact: Switching between applications may lead to the disclosure of sensitive application information

Description: When switching between applications with the four-finger app switching gesture, the display could have revealed the previous application state. This issue is addressed by ensuring that the system properly calls the applicationWillResignActive: method when transitioning between applications.

CVE-ID

CVE-2011-3431 : Abe White of Hedonic Software Inc.

 

- 

- 

ImageIO

Available for: iOS 3.0 through 4.3.5 for iPhone 3GS and iPhone 4, iOS 3.1 through 4.3.5 for iPod touch (3rd generation) and later, iOS 3.2 through 4.3.5 for iPad

Impact: Viewing a maliciously crafted TIFF image may result in an unexpected application termination or arbitrary code execution

Description: A buffer overflow existed in libTIFF's handling of CCITT Group 4 encoded TIFF images.

CVE-ID

CVE-2011-0192 : Apple

 

- 

- 

ImageIO

Available for: iOS 3.0 through 4.3.5 for iPhone 3GS and iPhone 4, iOS 3.1 through 4.3.5 for iPod touch (3rd generation) and later, iOS 3.2 through 4.3.5 for iPad

Impact: Viewing a maliciously crafted TIFF image may lead to an unexpected application termination or arbitrary code execution

Description: A heap buffer overflow existed in ImageIO's handling of CCITT Group 4 encoded TIFF images.

CVE-ID

CVE-2011-0241 : Cyril CATTIAUX of Tessi Technologies

 

- 

- 

International Components for Unicode

Available for: iOS 3.0 through 4.3.5 for iPhone 3GS and iPhone 4, iOS 3.1 through 4.3.5 for iPod touch (3rd generation) and later, iOS 3.2 through 4.3.5 for iPad

Impact: Applications that use ICU may be vulnerable to an unexpected application termination or arbitrary code execution

Description: A buffer overflow issue existed in ICU's generation of collation keys for long strings of mostly uppercase letters.

CVE-ID

CVE-2011-0206 : David Bienvenu of Mozilla

 

- 

- 

Kernel

Available for: iOS 3.0 through 4.3.5 for iPhone 3GS and iPhone 4, iOS 3.1 through 4.3.5 for iPod touch (3rd generation) and later, iOS 3.2 through 4.3.5 for iPad

Impact: A remote attacker may cause a device reset

Description: The kernel failed to promptly reclaim memory from incomplete TCP connections. An attacker with the ability to connect to a listening service on an iOS device could exhaust system resources.

CVE-ID

CVE-2011-3259 : Wouter van der Veer of Topicus I&I, and Josh Enders

 

- 

- 

Kernel

Available for: iOS 3.0 through 4.3.5 for iPhone 3GS and iPhone 4, iOS 3.1 through 4.3.5 for iPod touch (3rd generation) and later, iOS 3.2 through 4.3.5 for iPad

Impact: A local user may be able to cause a system reset

Description: A null dereference issue existed in the handling of IPV6 socket options.

CVE-ID

CVE-2011-1132 : Thomas Clement of Intego

 

- 

- 

Keyboards

Available for: iOS 3.0 through 4.3.5 for iPhone 3GS and iPhone 4, iOS 3.1 through 4.3.5 for iPod touch (3rd generation) and later, iOS 3.2 through 4.3.5 for iPad

Impact: A user may be able to determine information about the last character of a password

Description: The keyboard used to type the last character of a password was briefly displayed the next time the keyboard was used.

CVE-ID

CVE-2011-3245 : Paul Mousdicas

 

- 

- 

libxml

Available for: iOS 3.0 through 4.3.5 for iPhone 3GS and iPhone 4, iOS 3.1 through 4.3.5 for iPod touch (3rd generation) and later, iOS 3.2 through 4.3.5 for iPad

Impact: Visiting a maliciously crafted website may lead to an unexpected application termination or arbitrary code execution

Description: A one-byte heap buffer overflow existed in libxml's handling of XML data.

CVE-ID

CVE-2011-0216 : Billy Rios of the Google Security Team

 

- 

- 

OfficeImport

Available for: iOS 3.0 through 4.3.5 for iPhone 3GS and iPhone 4, iOS 3.1 through 4.3.5 for iPod touch (3rd generation) and later, iOS 3.2 through 4.3.5 for iPad

Impact: Viewing a maliciously crafted Word file may lead to an unexpected application termination or arbitrary code execution

Description: A buffer overflow existed in OfficeImport's handling of Microsoft Word documents.

CVE-ID

CVE-2011-3260 : Tobias Klein working with Verisign iDefense Labs

 

- 

- 

OfficeImport

Available for: iOS 3.0 through 4.3.5 for iPhone 3GS and iPhone 4, iOS 3.1 through 4.3.5 for iPod touch (3rd generation) and later, iOS 3.2 through 4.3.5 for iPad

Impact: Viewing a maliciously crafted Excel file may lead to an unexpected application termination or arbitrary code execution

Description: A double free issue existed in OfficeImport's handling of Excel files.

CVE-ID

CVE-2011-3261 : Tobias Klein of www.trapkit.de

 

- 

- 

OfficeImport

Available for: iOS 3.0 through 4.3.5 for iPhone 3GS and iPhone 4, iOS 3.1 through 4.3.5 for iPod touch (3rd generation) and later, iOS 3.2 through 4.3.5 for iPad

Impact: Downloading a maliciously crafted Microsoft Office file may lead to an unexpected application termination or arbitrary code execution

Description: A memory corruption issue existed in OfficeImport's handling of Microsoft Office files.

CVE-ID

CVE-2011-0208 : Tobias Klein working with iDefense VCP

 

- 

- 

OfficeImport

Available for: iOS 3.0 through 4.3.5 for iPhone 3GS and iPhone 4, iOS 3.1 through 4.3.5 for iPod touch (3rd generation) and later, iOS 3.2 through 4.3.5 for iPad

Impact: Downloading a maliciously crafted Excel file may lead to an unexpected application termination or arbitrary code execution

Description: A memory corruption issue existed in OfficeImport's handling of Excel files.

CVE-ID

CVE-2011-0184 : Tobias Klein working with iDefense VCP

 

- 

- 

Safari

Available for: iOS 3.0 through 4.3.5 for iPhone 3GS and iPhone 4, iOS 3.1 through 4.3.5 for iPod touch (3rd generation) and later, iOS 3.2 through 4.3.5 for iPad

Impact: Opening maliciously crafted files on certain websites may lead to a cross-site scripting attack

Description: iOS did not support the 'attachment' value for the HTTP Content-Disposition header. This header is used by many websites to serve files that were uploaded to the site by a third-party, such as attachments in web-based e-mail applications. Any script in files served with this header value would run as if the file had been served inline, with full access to other resources on the origin server. This issue is addressed by loading attachments in an isolated security origin with no access to resources on other sites.

CVE-ID

CVE-2011-3426 : Christian Matthies working with iDefense VCP, Yoshinori Oota from Business Architects Inc working with JP/CERT

 

- 

- 

Settings

Available for: iOS 3.0 through 4.3.5 for iPhone 3GS and iPhone 4, iOS 3.1 through 4.3.5 for iPod touch (3rd generation) and later, iOS 3.2 through 4.3.5 for iPad

Impact: An attacker with physical access to a device may be able to recover the restrictions passcode

Description: The parental restrictions functionality enforces UI restrictions. Configuring parental restrictions is protected by a passcode, which was previously stored in plaintext on disk. This issue is addressed by securely storing the parental restrictions passcode in the system keychain.

CVE-ID

CVE-2011-3429 : an anonymous reporter

 

- 

- 

Settings

Available for: iOS 3.0 through 4.3.5 for iPhone 3GS and iPhone 4, iOS 3.1 through 4.3.5 for iPod touch (3rd generation) and later, iOS 3.2 through 4.3.5 for iPad

Impact: Misleading UI

Description: Configurations and settings applied via configuration profiles did not appear to function properly under any non-English language. Settings could be improperly displayed as a result. This issue is addressed by fixing a localization error.

CVE-ID

CVE-2011-3430 : Florian Kreitmaier of Siemens CERT

 

- 

- 

UIKit Alerts

Available for: iOS 3.0 through 4.3.5 for iPhone 3GS and iPhone 4, iOS 3.1 through 4.3.5 for iPod touch (3rd generation) and later, iOS 3.2 through 4.3.5 for iPad

Impact: Visiting a malicious website may cause an unexpected device hang

Description: An excessive maximum text layout length permitted malicious websites to cause iOS to hang when drawing acceptance dialogs for very long tel: URIs. This issue is addressed by using a more reasonable maximum URI size.

CVE-ID

CVE-2011-3432 : Simon Young of Anglia Ruskin University

 

- 

- 

WebKit

Available for: iOS 3.0 through 4.3.5 for iPhone 3GS and iPhone 4, iOS 3.1 through 4.3.5 for iPod touch (3rd generation) and later, iOS 3.2 through 4.3.5 for iPad

Impact: Visiting a maliciously crafted website may lead to an unexpected application termination or arbitrary code execution

Description: Multiple memory corruption issues existed in WebKit.

CVE-ID

CVE-2011-0218 : SkyLined of Google Chrome Security Team

CVE-2011-0221 : Abhishek Arya (Inferno) of Google Chrome Security Team

CVE-2011-0222 : Nikita Tarakanov and Alex Bazhanyuk of the CISS Research Team, and Abhishek Arya (Inferno) of Google Chrome Security Team

CVE-2011-0225 : Abhishek Arya (Inferno) of Google Chrome Security Team

CVE-2011-0232 : J23 working with TippingPoint's Zero Day Initiative

CVE-2011-0233 : wushi of team509 working with TippingPoint's Zero Day Initiative

CVE-2011-0234 : Rob King working with TippingPoint's Zero Day Initiative, wushi of team509 working with TippingPoint's Zero Day Initiative

CVE-2011-0235 : Abhishek Arya (Inferno) of Google Chrome Security Team

CVE-2011-0238 : Adam Barth of Google Chrome Security Team

CVE-2011-0254 : An anonymous researcher working with TippingPoint's Zero Day Initiative

CVE-2011-0255 : An anonymous reporter working with TippingPoint's Zero Day Initiative

CVE-2011-0981 : Rik Cabanier of Adobe Systems, Inc

CVE-2011-0983 : Martin Barbella

CVE-2011-1109 : Sergey Glazunov

CVE-2011-1114 : Martin Barbella

CVE-2011-1115 : Martin Barbella

CVE-2011-1117 : wushi of team509

CVE-2011-1121 : miaubiz

CVE-2011-1188 : Martin Barbella

CVE-2011-1203 : Sergey Glazunov

CVE-2011-1204 : Sergey Glazunov

CVE-2011-1288 : Andreas Kling of Nokia

CVE-2011-1293 : Sergey Glazunov

CVE-2011-1296 : Sergey Glazunov

CVE-2011-1449 : Marek Majkowski

CVE-2011-1451 : Sergey Glazunov

CVE-2011-1453 : wushi of team509 working with TippingPoint's Zero Day Initiative

CVE-2011-1457 : John Knottenbelt of Google

CVE-2011-1462 : wushi of team509

CVE-2011-1797 : wushi of team509

CVE-2011-2338 : Abhishek Arya (Inferno) of Google Chrome Security Team using AddressSanitizer

CVE-2011-2339 : Cris Neckar of the Google Chrome Security Team

CVE-2011-2341 : wushi of team509 working with Verisign iDefense Labs

CVE-2011-2351 : miaubiz

CVE-2011-2352 : Apple

CVE-2011-2354 : Apple

CVE-2011-2356 : Adam Barth and Abhishek Arya of Google Chrome Security Team using AddressSanitizer

CVE-2011-2359 : miaubiz

CVE-2011-2788 : Mikolaj Malecki of Samsung

CVE-2011-2790 : miaubiz

CVE-2011-2792 : miaubiz

CVE-2011-2797 : miaubiz

CVE-2011-2799 : miaubiz

CVE-2011-2809 : Abhishek Arya (Inferno) of Google Chrome Security Team

CVE-2011-2813 : Cris Neckar of Google Chrome Security Team using AddressSanitizer

CVE-2011-2814 : Abhishek Arya (Inferno) of Google Chrome Security Team using AddressSanitizer

CVE-2011-2816 : Apple

CVE-2011-2817 : Abhishek Arya (Inferno) of Google Chrome Security Team using AddressSanitizer

CVE-2011-2818 : Martin Barbella

CVE-2011-2820 : Raman Tenneti and Philip Rogers of Google

CVE-2011-2823 : SkyLined of Google Chrome Security Team

CVE-2011-2827 : miaubiz

CVE-2011-2831 : Abhishek Arya (Inferno) of Google Chrome Security Team using AddressSanitizer

CVE-2011-3232 : Aki Helin of OUSPG

CVE-2011-3234 : miaubiz

CVE-2011-3235 : Dimitri Glazkov, Kent Tamura, Dominic Cooney of the Chromium development community, and Abhishek Arya (Inferno) of Google Chrome Security Team

CVE-2011-3236 : Abhishek Arya (Inferno) of Google Chrome Security Team using AddressSanitizer

CVE-2011-3237 : Dimitri Glazkov, Kent Tamura, Dominic Cooney of the Chromium development community, and Abhishek Arya (Inferno) of Google Chrome Security Team

CVE-2011-3244 : vkouchna

 

- 

- 

WebKit

Available for: iOS 3.0 through 4.3.5 for iPhone 3GS and iPhone 4, iOS 3.1 through 4.3.5 for iPod touch (3rd generation) and later, iOS 3.2 through 4.3.5 for iPad

Impact: Visiting a maliciously crafted website may lead to a cross-site scripting attack

Description: A cross-origin issue existed in the handling of URLs with an embedded username. This issue is addressed through improved handling of URLs with an embedded username.

CVE-ID

CVE-2011-0242 : Jobert Abma of Online24

 

- 

- 

WebKit

Available for: iOS 3.0 through 4.3.5 for iPhone 3GS and iPhone 4, iOS 3.1 through 4.3.5 for iPod touch (3rd generation) and later, iOS 3.2 through 4.3.5 for iPad

Impact: Visiting a maliciously crafted website may lead to a cross-site scripting attack

Description: A cross-origin issue existed in the handling of DOM nodes.

CVE-ID

CVE-2011-1295 : Sergey Glazunov

 

- 

- 

WebKit

Available for: iOS 3.0 through 4.3.5 for iPhone 3GS and iPhone 4, iOS 3.1 through 4.3.5 for iPod touch (3rd generation) and later, iOS 3.2 through 4.3.5 for iPad

Impact: A maliciously crafted website may be able to cause a different URL to be shown in the address bar

Description: A URL spoofing issue existed in the handling of the DOM history object.

CVE-ID

CVE-2011-1107 : Jordi Chancel

 

- 

- 

WebKit

Available for: iOS 3.0 through 4.3.5 for iPhone 3GS and iPhone 4, iOS 3.1 through 4.3.5 for iPod touch (3rd generation) and later, iOS 3.2 through 4.3.5 for iPad

Impact: Visiting a maliciously crafted website may lead to arbitrary code execution

Description: A configuration issue existed in WebKit's use of libxslt. Visiting a maliciously crafted website may lead to arbitrary files being created with the privileges of the user, which may lead to arbitrary code execution. This issue is addressed through improved libxslt security settings.

CVE-ID

CVE-2011-1774 : Nicolas Gregoire of Agarri

 

- 

- 

WebKit

Available for: iOS 3.0 through 4.3.5 for iPhone 3GS and iPhone 4, iOS 3.1 through 4.3.5 for iPod touch (3rd generation) and later, iOS 3.2 through 4.3.5 for iPad

Impact: Visiting a malicious website and dragging content in the page may lead to an information disclosure

Description: A cross-origin issue existed in WebKit's handling of HTML5 drag and drop. This issue is addressed by disallowing drag and drop across different origins.

CVE-ID

CVE-2011-0166 : Michal Zalewski of Google Inc.

 

- 

- 

WebKit

Available for: iOS 3.0 through 4.3.5 for iPhone 3GS and iPhone 4, iOS 3.1 through 4.3.5 for iPod touch (3rd generation) and later, iOS 3.2 through 4.3.5 for iPad

Impact: Visiting a maliciously crafted website may lead to an information disclosure

Description: A cross-origin issue existed in the handling of Web Workers.

CVE-ID

CVE-2011-1190 : Daniel Divricean of divricean.ro

 

- 

- 

WebKit

Available for: iOS 3.0 through 4.3.5 for iPhone 3GS and iPhone 4, iOS 3.1 through 4.3.5 for iPod touch (3rd generation) and later, iOS 3.2 through 4.3.5 for iPad

Impact: Visiting a maliciously crafted website may lead to a cross-site scripting attack

Description: A cross-origin issue existed in the handling of the window.open method.

CVE-ID

CVE-2011-2805 : Sergey Glazunov

 

- 

- 

WebKit

Available for: iOS 3.0 through 4.3.5 for iPhone 3GS and iPhone 4, iOS 3.1 through 4.3.5 for iPod touch (3rd generation) and later, iOS 3.2 through 4.3.5 for iPad

Impact: Visiting a maliciously crafted website may lead to a cross-site scripting attack

Description: A cross-origin issue existed in the handling of inactive DOM windows.

CVE-ID

CVE-2011-3243 : Sergey Glazunov

 

- 

- 

WebKit

Available for: iOS 3.0 through 4.3.5 for iPhone 3GS and iPhone 4, iOS 3.1 through 4.3.5 for iPod touch (3rd generation) and later, iOS 3.2 through 4.3.5 for iPad

Impact: Visiting a maliciously crafted website may lead to a cross-site scripting attack

Description: A cross-origin issue existed in the handling of the document.documentURI property.

CVE-ID

CVE-2011-2819 : Sergey Glazunov

 

- 

- 

WebKit

Available for: iOS 3.0 through 4.3.5 for iPhone 3GS and iPhone 4, iOS 3.1 through 4.3.5 for iPod touch (3rd generation) and later, iOS 3.2 through 4.3.5 for iPad

Impact: A maliciously crafted website may be able to track the URLs that a user visits within a frame

Description: A cross-origin issue existed in the handling of the beforeload event.

CVE-ID

CVE-2011-2800 : Juho Nurminen

 

- 

- 

WiFi

Available for: iOS 3.0 through 4.3.5 for iPhone 3GS and iPhone 4, iOS 3.1 through 4.3.5 for iPod touch (3rd generation) and later, iOS 3.2 through 4.3.5 for iPad

Impact: WiFi credentials may be logged to a local file

Description: WiFi credentials including the passphrase and encryption keys were logged to a file that was readable by applications on the system. This is resolved by no longer logging these credentials.

CVE-ID

CVE-2011-3434 : Laurent OUDOT of TEHTRI Security