updated 02:40 pm EST, Thu November 10, 2011
Also copes with DNS, certificate, kernel issues
The iOS 5.0.1 update deals with several security flaws in addition to making feature improvements, an Apple note indicates. Among these is a Smart Cover exploit that allowed people to skip passcodes and gain limited access to an iPad 2. Also fixed are vulnerabilities in components like fonts, DNS and URL handling, and weak certificates associated with DigiCert Malaysia, which are no longer trusted.
Of special interest is a kernel glitch which permitted apps to bypass codesigning checks. The hole was identified by Accuvant Labs researcher Charlie Miller, who ended up booted from the iOS Developer Program for the manner in which he publicized the problem. Although Miller is said to have sent his findings to Apple, he was rejected as an iOS developer after publicizing the flaw several weeks later in an interview with Forbes.