About the security content of iOS 5 Software Update

This document describes the security content of iOS 5 Software Update.

This document describes the security content of iOS 5 Software Update, which can be downloaded and installed using iTunes.

For the protection of our customers, Apple does not disclose, discuss or confirm security issues until a full investigation has occurred and any necessary patches or releases are available. To learn more about Apple Product Security, see the Apple Product Security website.

For information about the Apple Product Security PGP Key, see "How to use the Apple Product Security PGP Key".

Where possible, CVE IDs are used to reference the vulnerabilities for further information.

To learn about other Security Updates, see "Apple Security Updates".

iOS 5 Software Update

  • CalDAV

    Available for: iOS 3.0 to 4.3.5 for iPhone 3GS and iPhone 4, iOS 3.1 to 4.3.5 for iPod touch (3rd generation) and later, iOS 3.2 to 4.3.5 for iPad

    Impact: An attacker with a privileged network position may intercept user credentials or other sensitive information from a CalDAV calendar server

    Description: CalDAV did not check that the SSL certificate presented by the server was trusted.

    CVE-ID

    CVE-2011-3253: Leszek Tasiemski of nSense

  • Calendar

    Available for: iOS 4.2.0 to 4.3.5 for iPhone 3GS and iPhone 4, iOS 4.2.0 to 4.3.5 for iPod touch (3rd generation) and later, iOS 4.2.0 to 4.3.5 for iPad

    Impact: Viewing a maliciously crafted calendar invitation may inject script in the local domain

    Description: A script injection issue existed in Calendar's handling of invitation notes. This issue is addressed through improved escaping of special characters in invitation notes. This issue does not affect devices prior to iOS 4.2.0.

    CVE-ID

    CVE-2011-3254: Rick Deacon

  • CFNetwork

    Available for: iOS 3.0 to 4.3.5 for iPhone 3GS and iPhone 4, iOS 3.1 to 4.3.5 for iPod touch (3rd generation) and later, iOS 3.2 to 4.3.5 for iPad

    Impact: User's Apple ID password may be logged to a local file

    Description: A user's Apple ID password and username were logged to a file that was readable by applications on the system. This is resolved by no longer logging these credentials.

    CVE-ID

    CVE-2011-3255: Peter Quade of qdevelop

  • CFNetwork

    Available for: iOS 3.0 to 4.3.5 for iPhone 3GS and iPhone 4, iOS 3.1 to 4.3.5 for iPod touch (3rd generation) and later, iOS 3.2 to 4.3.5 for iPad

    Impact: Visiting a maliciously crafted website may lead to the disclosure of sensitive information

    Description: An issue existed in CFNetwork's handling of HTTP cookies. When accessing a maliciously crafted HTTP or HTTPS URL, CFNetwork could incorrectly send the cookies for a domain to a server outside that domain.

    CVE-ID

    CVE-2011-3246: Erling Ellingsen of Facebook

  • CoreFoundation

    Available for: iOS 3.0 to 4.3.5 for iPhone 3GS and iPhone 4, iOS 3.1 to 4.3.5 for iPod touch (3rd generation) and later, iOS 3.2 to 4.3.5 for iPad

    Impact: Viewing a maliciously crafted website or email message may lead to an unexpected application termination or arbitrary code execution

    Description: A memory corruption issue existed in CoreFoundation's handling of string tokenisation.

    CVE-ID

    CVE-2011-0259: Apple

  • CoreGraphics

    Available for: iOS 3.0 to 4.3.5 for iPhone 3GS and iPhone 4, iOS 3.1 to 4.3.5 for iPod touch (3rd generation) and later, iOS 3.2 to 4.3.5 for iPad

    Impact: Viewing a document containing a maliciously crafted font may lead to arbitrary code execution

    Description: Multiple memory corruption existed in freetype, the most serious of which may lead to arbitrary code execution when processing a maliciously crafted font.

    CVE-ID

    CVE-2011-3256: Apple

  • CoreMedia

    Available for: iOS 3.0 to 4.3.5 for iPhone 3GS and iPhone 4, iOS 3.1 to 4.3.5 for iPod touch (3rd generation) and later, iOS 3.2 to 4.3.5 for iPad

    Impact: Visiting a maliciously crafted website may lead to the disclosure of video data from another site

    Description: A cross-origin issue existed in CoreMedia's handling of cross-site redirects. This issue is addressed through improved origin tracking.

    CVE-ID

    CVE-2011-0187: Nirankush Panchbhai and Microsoft Vulnerability Research (MSVR)

  • Data Access

    Available for: iOS 3.0 to 4.3.5 for iPhone 3GS and iPhone 4, iOS 3.1 to 4.3.5 for iPod touch (3rd generation) and later, iOS 3.2 to 4.3.5 for iPad

    Impact: An exchange mail cookie management issue could incorrectly cause data synchronisation across different accounts

    Description: When multiple mail exchange accounts are configured that connect to the same server, a session could potentially receive a valid cookie corresponding to a different account. This issue is addressed by ensuring that cookies are separated across different accounts.

    CVE-ID

    CVE-2011-3257: Bob Sielken of IBM

  • Data Security

    Available for: iOS 3.0 to 4.3.5 for iPhone 3GS and iPhone 4, iOS 3.1 to 4.3.5 for iPod touch (3rd generation) and later, iOS 3.2 to 4.3.5 for iPad

    Impact: An attacker with a privileged network position may intercept user credentials or other sensitive information

    Description: Fraudulent certificates were issued by multiple certificate authorities operated by DigiNotar. This issue is addressed by removing DigiNotar from the list of trusted root certificates, from the list of Extended Validation (EV) certificate authorities and by configuring default system trust settings so that DigiNotar's certificates, including those issued by other authorities, are not trusted.

  • Data Security

    Available for: iOS 3.0 to 4.3.5 for iPhone 3GS and iPhone 4, iOS 3.1 to 4.3.5 for iPod touch (3rd generation) and later, iOS 3.2 to 4.3.5 for iPad

    Impact: Support for X.509 certificates with MD5 hashes may expose users to spoofing and information disclosure as attacks improve

    Description: Certificates signed using the MD5 hash algorithm were accepted by iOS. This algorithm has known cryptographic weaknesses. Further research or a misconfigured certificate authority could have allowed the creation of X.509 certificates with attacker controlled values that would have been trusted by the system. This would have exposed X.509 based protocols to spoofing, man-in-the-middle attacks and information disclosure. This update disables support for an X.509 certificate with an MD5 hash for any use other than as a trusted root certificate.

    CVE-ID

    CVE-2011-3427

  • Data Security

    Available for: iOS 3.0 to 4.3.5 for iPhone 3GS and iPhone 4, iOS 3.1 to 4.3.5 for iPod touch (3rd generation) and later, iOS 3.2 to 4.3.5 for iPad

    Impact: An attacker could decrypt part of a SSL connection

    Description: Only the SSLv3 and TLS 1.0 versions of SSL were supported. These versions are subject to a protocol weakness when using block ciphers. A man-in-the-middle attacker could have injected invalid data, causing the connection to close but revealing some information about the previous data. If the same connection was attempted repeatedly, the attacker may eventually have been able to decrypt the data being sent, such as a password. This issue is addressed by adding support for TLS 1.2.

    CVE-ID

    CVE-2011-3389

  • Home screen

    Available for: iOS 3.0 to 4.3.5 for iPhone 3GS and iPhone 4, iOS 3.1 to 4.3.5 for iPod touch (3rd generation) and later, iOS 3.2 to 4.3.5 for iPad

    Impact: Switching between applications may lead to the disclosure of sensitive application information

    Description: When switching between applications with the four-finger app switching gesture, the display could have revealed the previous application state. This issue is addressed by ensuring that the system properly calls the applicationWillResignActive: method when transitioning between applications.

    CVE-ID

    CVE-2011-3431: Abe White of Hedonic Software Inc.

  • ImageIO

    Available for: iOS 3.0 to 4.3.5 for iPhone 3GS and iPhone 4, iOS 3.1 to 4.3.5 for iPod touch (3rd generation) and later, iOS 3.2 to 4.3.5 for iPad

    Impact: Viewing a maliciously crafted TIFF image may result in an unexpected application termination or arbitrary code execution

    Description: A buffer overflow existed in libTIFF's handling of CCITT Group 4 encoded TIFF images.

    CVE-ID

    CVE-2011-0192: Apple

  • ImageIO

    Available for: iOS 3.0 to 4.3.5 for iPhone 3GS and iPhone 4, iOS 3.1 to 4.3.5 for iPod touch (3rd generation) and later, iOS 3.2 to 4.3.5 for iPad

    Impact: Viewing a maliciously crafted TIFF image may lead to an unexpected application termination or arbitrary code execution

    Description: A heap buffer overflow existed in ImageIO's handling of CCITT Group 4 encoded TIFF images.

    CVE-ID

    CVE-2011-0241: Cyril CATTIAUX of Tessi Technologies

  • International Components for Unicode

    Available for: iOS 3.0 to 4.3.5 for iPhone 3GS and iPhone 4, iOS 3.1 to 4.3.5 for iPod touch (3rd generation) and later, iOS 3.2 to 4.3.5 for iPad

    Impact: Applications that use ICU may be vulnerable to an unexpected application termination or arbitrary code execution

    Description: A buffer overflow issue existed in ICU's generation of collation keys for long strings of mostly uppercase letters.

    CVE-ID

    CVE-2011-0206: David Bienvenu of Mozilla

  • Kernel

    Available for: iOS 3.0 to 4.3.5 for iPhone 3GS and iPhone 4, iOS 3.1 to 4.3.5 for iPod touch (3rd generation) and later, iOS 3.2 to 4.3.5 for iPad

    Impact: A remote attacker may cause a device reset

    Description: The kernel failed to promptly reclaim memory from incomplete TCP connections. An attacker with the ability to connect to a listening service on an iOS device could exhaust system resources.

    CVE-ID

    CVE-2011-3259: Wouter van der Veer of Topicus I&I and Josh Enders

  • Kernel

    Available for: iOS 3.0 to 4.3.5 for iPhone 3GS and iPhone 4, iOS 3.1 to 4.3.5 for iPod touch (3rd generation) and later, iOS 3.2 to 4.3.5 for iPad

    Impact: A local user may be able to cause a system reset

    Description: A null de-reference issue existed in the handling of IPV6 socket options.

    CVE-ID

    CVE-2011-1132: Thomas Clement of Intego

  • Keyboards

    Available for: iOS 3.0 to 4.3.5 for iPhone 3GS and iPhone 4, iOS 3.1 to 4.3.5 for iPod touch (3rd generation) and later, iOS 3.2 to 4.3.5 for iPad

    Impact: A user may be able to determine information about the last character of a password

    Description: The keyboard used to type the last character of a password was briefly displayed the next time the keyboard was used.

    CVE-ID

    CVE-2011-3245: Paul Mousdicas

  • libxml

    Available for: iOS 3.0 to 4.3.5 for iPhone 3GS and iPhone 4, iOS 3.1 to 4.3.5 for iPod touch (3rd generation) and later, iOS 3.2 to 4.3.5 for iPad

    Impact: Visiting a maliciously crafted website may lead to an unexpected application termination or arbitrary code execution

    Description: A one-byte heap buffer overflow existed in libxml's handling of XML data.

    CVE-ID

    CVE-2011-0216: Billy Rios of the Google Security Team

  • OfficeImport

    Available for: iOS 3.0 to 4.3.5 for iPhone 3GS and iPhone 4, iOS 3.1 to 4.3.5 for iPod touch (3rd generation) and later, iOS 3.2 to 4.3.5 for iPad

    Impact: Viewing a maliciously crafted Word file may lead to an unexpected application termination or arbitrary code execution

    Description: A buffer overflow existed in OfficeImport's handling of Microsoft Word documents.

    CVE-ID

    CVE-2011-3260: Tobias Klein working with Verisign iDefense Labs

  • OfficeImport

    Available for: iOS 3.0 to 4.3.5 for iPhone 3GS and iPhone 4, iOS 3.1 to 4.3.5 for iPod touch (3rd generation) and later, iOS 3.2 to 4.3.5 for iPad

    Impact: Viewing a maliciously crafted Excel file may lead to an unexpected application termination or arbitrary code execution

    Description: A double free issue existed in OfficeImport's handling of Excel files.

    CVE-ID

    CVE-2011-3261: Tobias Klein of www.trapkit.de

  • OfficeImport

    Available for: iOS 3.0 to 4.3.5 for iPhone 3GS and iPhone 4, iOS 3.1 to 4.3.5 for iPod touch (3rd generation) and later, iOS 3.2 to 4.3.5 for iPad

    Impact: Downloading a maliciously crafted Microsoft Office file may lead to an unexpected application termination or arbitrary code execution

    Description: A memory corruption issue existed in OfficeImport's handling of Microsoft Office files.

    CVE-ID

    CVE-2011-0208: Tobias Klein working with iDefense VCP

  • OfficeImport

    Available for: iOS 3.0 to 4.3.5 for iPhone 3GS and iPhone 4, iOS 3.1 to 4.3.5 for iPod touch (3rd generation) and later, iOS 3.2 to 4.3.5 for iPad

    Impact: Downloading a maliciously crafted Excel file may lead to an unexpected application termination or arbitrary code execution

    Description: A memory corruption issue existed in OfficeImport's handling of Excel files.

    CVE-ID

    CVE-2011-0184: Tobias Klein working with iDefense VCP

  • Safari

    Available for: iOS 3.0 to 4.3.5 for iPhone 3GS and iPhone 4, iOS 3.1 to 4.3.5 for iPod touch (3rd generation) and later, iOS 3.2 to 4.3.5 for iPad

    Impact: Opening maliciously crafted files on certain websites may lead to a cross-site scripting attack

    Description: iOS did not support the 'attachment' value for the HTTP Content-Disposition header. This header is used by many websites to serve files that were uploaded to the site by a third party, such as attachments in web-based email applications. Any script in files served with this header value would run as if the file had been served inline, with full access to other resources on the origin server. This issue is addressed by loading attachments in an isolated security origin with no access to resources on other sites.

    CVE-ID

    CVE-2011-3426: Christian Matthies working with iDefense VCP, Yoshinori Oota from Business Architects Inc working with JP/CERT

  • Settings

    Available for: iOS 3.0 to 4.3.5 for iPhone 3GS and iPhone 4, iOS 3.1 to 4.3.5 for iPod touch (3rd generation) and later, iOS 3.2 to 4.3.5 for iPad

    Impact: An attacker with physical access to a device may be able to recover the restrictions passcode

    Description: The parental restrictions functionality enforces UI restrictions. Configuring parental restrictions is protected by a passcode, which was previously stored in plaintext on disk. This issue is addressed by securely storing the parental restrictions passcode in the system keychain.

    CVE-ID

    CVE-2011-3429: an anonymous reporter

  • Settings

    Available for: iOS 3.0 to 4.3.5 for iPhone 3GS and iPhone 4, iOS 3.1 to 4.3.5 for iPod touch (3rd generation) and later, iOS 3.2 to 4.3.5 for iPad

    Impact: Misleading UI

    Description: Configurations and settings applied via configuration profiles did not appear to function properly under any non-English language. Settings could be improperly displayed as a result. This issue is addressed by fixing a localisation error.

    CVE-ID

    CVE-2011-3430: Florian Kreitmaier of Siemens CERT

  • UIKit Alerts

    Available for: iOS 3.0 to 4.3.5 for iPhone 3GS and iPhone 4, iOS 3.1 to 4.3.5 for iPod touch (3rd generation) and later, iOS 3.2 to 4.3.5 for iPad

    Impact: Visiting a malicious website may cause a device to freeze unexpectedly

    Description: An excessive maximum text layout length permitted malicious websites to cause iOS to freeze when drawing acceptance dialogs for very long tel: URIs. This issue is addressed by using a more reasonable maximum URI size.

    CVE-ID

    CVE-2011-3432: Simon Young of Anglia Ruskin University

  • WebKit

    Available for: iOS 3.0 to 4.3.5 for iPhone 3GS and iPhone 4, iOS 3.1 to 4.3.5 for iPod touch (3rd generation) and later, iOS 3.2 to 4.3.5 for iPad

    Impact: Visiting a maliciously crafted website may lead to an unexpected application termination or arbitrary code execution

    Description: Multiple memory corruption issues existed in WebKit.

    CVE-ID

    CVE-2011-0218: SkyLined of Google Chrome Security Team

    CVE-2011-0221: Abhishek Arya (Inferno) of Google Chrome Security Team

    CVE-2011-0222: Nikita Tarakanov and Alex Bazhanyuk of the CISS Research Team and Abhishek Arya (Inferno) of Google Chrome Security Team

    CVE-2011-0225: Abhishek Arya (Inferno) of Google Chrome Security Team

    CVE-2011-0232: J23 working with TippingPoint's Zero Day Initiative

    CVE-2011-0233: wushi of team509 working with TippingPoint's Zero Day Initiative

    CVE-2011-0234: Rob King working with TippingPoint's Zero Day Initiative, wushi of team509 working with TippingPoint's Zero Day Initiative

    CVE-2011-0235: Abhishek Arya (Inferno) of Google Chrome Security Team

    CVE-2011-0238: Adam Barth of Google Chrome Security Team

    CVE-2011-0254: An anonymous researcher working with TippingPoint's Zero Day Initiative

    CVE-2011-0255: An anonymous reporter working with TippingPoint's Zero Day Initiative

    CVE-2011-0981: Rik Cabanier of Adobe Systems, Inc

    CVE-2011-0983: Martin Barbella

    CVE-2011-1109: Sergey Glazunov

    CVE-2011-1114: Martin Barbella

    CVE-2011-1115: Martin Barbella

    CVE-2011-1117: wushi of team509

    CVE-2011-1121: miaubiz

    CVE-2011-1188: Martin Barbella

    CVE-2011-1203: Sergey Glazunov

    CVE-2011-1204: Sergey Glazunov

    CVE-2011-1288: Andreas Kling of Nokia

    CVE-2011-1293: Sergey Glazunov

    CVE-2011-1296: Sergey Glazunov

    CVE-2011-1449: Marek Majkowski

    CVE-2011-1451: Sergey Glazunov

    CVE-2011-1453: wushi of team509 working with TippingPoint's Zero Day Initiative

    CVE-2011-1457: John Knottenbelt of Google

    CVE-2011-1462: wushi of team509

    CVE-2011-1797: wushi of team509

    CVE-2011-2338: Abhishek Arya (Inferno) of Google Chrome Security Team using AddressSanitizer

    CVE-2011-2339: Cris Neckar of the Google Chrome Security Team

    CVE-2011-2341: wushi of team509 working with Verisign iDefense Labs

    CVE-2011-2351: miaubiz

    CVE-2011-2352: Apple

    CVE-2011-2354: Apple

    CVE-2011-2356: Adam Barth and Abhishek Arya of Google Chrome Security Team using AddressSanitizer

    CVE-2011-2359: miaubiz

    CVE-2011-2788: Mikolaj Malecki of Samsung

    CVE-2011-2790: miaubiz

    CVE-2011-2792: miaubiz

    CVE-2011-2797: miaubiz

    CVE-2011-2799: miaubiz

    CVE-2011-2809: Abhishek Arya (Inferno) of Google Chrome Security Team

    CVE-2011-2813: Cris Neckar of Google Chrome Security Team using AddressSanitizer

    CVE-2011-2814: Abhishek Arya (Inferno) of Google Chrome Security Team using AddressSanitizer

    CVE-2011-2816: Apple

    CVE-2011-2817: Abhishek Arya (Inferno) of Google Chrome Security Team using AddressSanitizer

    CVE-2011-2818: Martin Barbella

    CVE-2011-2820: Raman Tenneti and Philip Rogers of Google

    CVE-2011-2823: SkyLined of Google Chrome Security Team

    CVE-2011-2827: miaubiz

    CVE-2011-2831: Abhishek Arya (Inferno) of Google Chrome Security Team using AddressSanitizer

    CVE-2011-3232: Aki Helin of OUSPG

    CVE-2011-3234: miaubiz

    CVE-2011-3235: Dimitri Glazkov, Kent Tamura and Dominic Cooney of the Chromium development community, and Abhishek Arya (Inferno) of Google Chrome Security Team

    CVE-2011-3236: Abhishek Arya (Inferno) of Google Chrome Security Team using AddressSanitizer

    CVE-2011-3237: Dimitri Glazkov, Kent Tamura and Dominic Cooney of the Chromium development community, and Abhishek Arya (Inferno) of Google Chrome Security Team

    CVE-2011-3244: vkouchna

  • WebKit

    Available for: iOS 3.0 to 4.3.5 for iPhone 3GS and iPhone 4, iOS 3.1 to 4.3.5 for iPod touch (3rd generation) and later, iOS 3.2 to 4.3.5 for iPad

    Impact: Visiting a maliciously crafted website may lead to a cross-site scripting attack

    Description: A cross-origin issue existed in the handling of URLs with an embedded username. This issue is addressed through improved handling of URLs with an embedded username.

    CVE-ID

    CVE-2011-0242: Jobert Abma of Online24

  • WebKit

    Available for: iOS 3.0 to 4.3.5 for iPhone 3GS and iPhone 4, iOS 3.1 to 4.3.5 for iPod touch (3rd generation) and later, iOS 3.2 to 4.3.5 for iPad

    Impact: Visiting a maliciously crafted website may lead to a cross-site scripting attack

    Description: A cross-origin issue existed in the handling of DOM nodes.

    CVE-ID

    CVE-2011-1295: Sergey Glazunov

  • WebKit

    Available for: iOS 3.0 to 4.3.5 for iPhone 3GS and iPhone 4, iOS 3.1 to 4.3.5 for iPod touch (3rd generation) and later, iOS 3.2 to 4.3.5 for iPad

    Impact: A maliciously crafted website may be able to cause a different URL to be shown in the address bar

    Description: A URL spoofing issue existed in the handling of the DOM history object.

    CVE-ID

    CVE-2011-1107: Jordi Chancel

  • WebKit

    Available for: iOS 3.0 to 4.3.5 for iPhone 3GS and iPhone 4, iOS 3.1 to 4.3.5 for iPod touch (3rd generation) and later, iOS 3.2 to 4.3.5 for iPad

    Impact: Visiting a maliciously crafted website may lead to arbitrary code execution

    Description: A configuration issue existed in WebKit's use of libxslt. Visiting a maliciously crafted website may lead to arbitrary files being created with the privileges of the user, which may lead to arbitrary code execution. This issue is addressed through improved libxslt security settings.

    CVE-ID

    CVE-2011-1774: Nicolas Gregoire of Agarri

  • WebKit

    Available for: iOS 3.0 to 4.3.5 for iPhone 3GS and iPhone 4, iOS 3.1 to 4.3.5 for iPod touch (3rd generation) and later, iOS 3.2 to 4.3.5 for iPad

    Impact: Visiting a malicious website and dragging content in the page may lead to an information disclosure

    Description: A cross-origin issue existed in WebKit's handling of HTML5 drag and drop. This issue is addressed by disallowing drag and drop across different origins.

    CVE-ID

    CVE-2011-0166: Michal Zalewski of Google Inc.

  • WebKit

    Available for: iOS 3.0 to 4.3.5 for iPhone 3GS and iPhone 4, iOS 3.1 to 4.3.5 for iPod touch (3rd generation) and later, iOS 3.2 to 4.3.5 for iPad

    Impact: Visiting a maliciously crafted website may lead to an information disclosure

    Description: A cross-origin issue existed in the handling of Web Workers.

    CVE-ID

    CVE-2011-1190: Daniel Divricean of divricean.ro

  • WebKit

    Available for: iOS 3.0 to 4.3.5 for iPhone 3GS and iPhone 4, iOS 3.1 to 4.3.5 for iPod touch (3rd generation) and later, iOS 3.2 to 4.3.5 for iPad

    Impact: Visiting a maliciously crafted website may lead to a cross-site scripting attack

    Description: A cross-origin issue existed in the handling of the window.open method.

    CVE-ID

    CVE-2011-2805: Sergey Glazunov

  • WebKit

    Available for: iOS 3.0 to 4.3.5 for iPhone 3GS and iPhone 4, iOS 3.1 to 4.3.5 for iPod touch (3rd generation) and later, iOS 3.2 to 4.3.5 for iPad

    Impact: Visiting a maliciously crafted website may lead to a cross-site scripting attack

    Description: A cross-origin issue existed in the handling of inactive DOM windows.

    CVE-ID

    CVE-2011-3243: Sergey Glazunov

  • WebKit

    Available for: iOS 3.0 to 4.3.5 for iPhone 3GS and iPhone 4, iOS 3.1 to 4.3.5 for iPod touch (3rd generation) and later, iOS 3.2 to 4.3.5 for iPad

    Impact: Visiting a maliciously crafted website may lead to a cross-site scripting attack

    Description: A cross-origin issue existed in the handling of the document.documentURI property.

    CVE-ID

    CVE-2011-2819: Sergey Glazunov

  • WebKit

    Available for: iOS 3.0 to 4.3.5 for iPhone 3GS and iPhone 4, iOS 3.1 to 4.3.5 for iPod touch (3rd generation) and later, iOS 3.2 to 4.3.5 for iPad

    Impact: A maliciously crafted website may be able to track the URLs that a user visits within a frame

    Description: A cross-origin issue existed in the handling of the beforeload event.

    CVE-ID

    CVE-2011-2800: Juho Nurminen

  • Wi-Fi

    Available for: iOS 3.0 to 4.3.5 for iPhone 3GS and iPhone 4, iOS 3.1 to 4.3.5 for iPod touch (3rd generation) and later, iOS 3.2 to 4.3.5 for iPad

    Impact: Wi-Fi credentials may be logged to a local file

    Description: Wi-Fi credentials including the passphrase and encryption keys were logged to a file that was readable by applications on the system. This is resolved by no longer logging these credentials.

    CVE-ID

    CVE-2011-3434: Laurent OUDOT of TEHTRI Security

Information about products not manufactured by Apple, or independent websites not controlled or tested by Apple, is provided without recommendation or endorsement. Apple assumes no responsibility with regard to the selection, performance or use of third-party websites or products. Apple makes no representations regarding third-party website accuracy or reliability. Contact the vendor for additional information.

Published Date: