View this article at: //
Thursday, Nov 01, 2012 2:01pm
iOS 6.0.1 delivers iPhone 5-focused bugfixes [U]
[Updated: specific security fix information added] Apple has posted iOS 6.0.1, a firmware update for the iPhone, iPad, and iPod touch. The software focuses on fixing problems with the iPhone 5, namely a glitch that can prevent over-the-air updates. If a person does try to update directly from their iPhone, they must first download a special intermediary patch that allows v6.0.1 to be delivered.

The firmware is also said to solve issues with camera flash not going off, connection reliability for the iPhone 5 and fifth-generation iPod touch when on WPA2-encrypted Wi-Fi networks, and a bug with Passcode Lock that would let people access the details of Passbook passes. A bug sometimes preventing iPhones from using cellular networks has been eliminated, and the Use Cellular Data switch for iTunes Match has been "consolidated."

Less iPhone-centric fixes deal with horizontal lines on the keyboard, and trouble in Exchange meetings. The size of the v6.0.1 download varies based on the device, up to well over 1GB in the case of the iPad. Users must have at least an iPhone 3GS, iPad 2, or fourth-generation iPod touch.

Update: Apple has released specific details of security fixes included in iOS 6.0.1. Half of the four individual fixes deal with WebKit, with the other two focusing on vulnerabilities in Passcode Lock and the kernel itself.

The two WebKit flaws, one in the handling of SVG files and one in JavaScript handling, made it possible that when users visited a maliciously-crafted website, it could have lead to an unexpected application termination or arbitrary code execution. The flaws were found by hackers at the HP TippingPoint's Zero Day Initiative and at Google's Pwnium 2 contest.

The kernel flaw allowed maliciously-crafted or compromised iOS applications to be able to determine addresses in the kernel, which could help hackers bypass address space layout randomization protection. Finally, a flaw was found with the way Passbook handles passes on the lock screen, allowing an intruder with physical access to the iPhone to gain access to the Passbook passes without having to enter the lockscreen passcode. All four have now been fixed.