Also fixes one kernel bug and two WebKit flaws shared by Safari on desktop platforms

Nov 2, 2012 08:01 GMT

A document describing the security content of iOS 6.0.1 has been posted online by Apple Inc. It covers a handful of security bugs patched in the latest update to Apple’s mobile operating system.

Because of a kernel flaw, maliciously crafted or compromised iOS apps may be able to determine addresses in the kernel, Apple says.

“An information disclosure issue existed in the handling of APIs related to kernel extensions,” according to Apple.

“Responses containing an OSBundleMachOHeaders key may have included kernel addresses, which may aid in bypassing address space layout randomization protection.”

By unsliding the addresses before returning them, Apple has managed to address this issue on iPhone 3GS and later, iPod touch (4th generation) and later, and iPad 2 or later.
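To make "unsliding" concrete, here is an added sketch, not Apple's code, of sanitizing a private copy of Mach-O headers before it leaves the kernel: every segment and section address has the boot-time slide subtracted, and a malformed copy is rejected outright. The struct and function names (mh32, seg32, sec32, unslide_headers) are hypothetical; the field order follows the 32-bit layouts in <mach-o/loader.h>, and the buffer is assumed to be in host byte order.

```c
#include <stdint.h>
#include <stddef.h>
#include <string.h>

/* Hypothetical names; 32-bit Mach-O field order as in <mach-o/loader.h>. */
#define MH_MAGIC   0xfeedfaceu
#define LC_SEGMENT 0x1u
struct mh32  { uint32_t magic, cputype, cpusubtype, filetype, ncmds, sizeofcmds, flags; };
struct seg32 { uint32_t cmd, cmdsize; char segname[16];
               uint32_t vmaddr, vmsize, fileoff, filesize, maxprot, initprot, nsects, flags; };
struct sec32 { char sectname[16], segname[16];
               uint32_t addr, size, offset, align, reloff, nreloc, flags, reserved1, reserved2; };

/* Rewrite every segment/section address in buf to its link-time value.
 * Returns 0, or -1 when the copy is malformed; buf may then be partly
 * rewritten and must be discarded, never returned to the requester. */
int unslide_headers(uint8_t *buf, size_t len, uint32_t slide)
{
    struct mh32 mh; struct seg32 sg; struct sec32 sc;
    uint32_t lc[2];                               /* cmd, cmdsize */

    if (len < sizeof mh) return -1;
    memcpy(&mh, buf, sizeof mh);
    if (mh.magic != MH_MAGIC || mh.sizeofcmds > len - sizeof mh) return -1;

    size_t off = sizeof mh, end = off + mh.sizeofcmds;
    for (uint32_t i = 0; i < mh.ncmds; i++, off += lc[1]) {
        if (end - off < sizeof lc) return -1;
        memcpy(lc, buf + off, sizeof lc);
        if (lc[1] < sizeof lc || lc[1] > end - off) return -1;
        if (lc[0] != LC_SEGMENT) continue;        /* carries no addresses we handle */
        if (lc[1] < sizeof sg) return -1;
        memcpy(&sg, buf + off, sizeof sg);
        /* nsects must fit inside this command; address must not underflow */
        if ((lc[1] - sizeof sg) / sizeof sc < sg.nsects || sg.vmaddr < slide) return -1;
        sg.vmaddr -= slide;
        memcpy(buf + off, &sg, sizeof sg);
        for (uint32_t s = 0; s < sg.nsects; s++) {
            uint8_t *p = buf + off + sizeof sg + s * sizeof sc;
            memcpy(&sc, p, sizeof sc);
            if (sc.addr < slide) return -1;
            sc.addr -= slide;
            memcpy(p, &sc, sizeof sc);
        }
    }
    return 0;
}
```

A caller would run this over its own copy of the headers and serialize the copy only when the function returns 0, so the live in-kernel headers are never modified.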

The Cupertino company credits Mark Dowd of Azimuth Security, Eric Monti of Square, and additional anonymous researchers for finding and reporting the vulnerability.

A Passcode Lock flaw affecting the same device models as listed above has been patched too.

“A person with physical access to the device may be able to access Passbook passes without entering a passcode,” reads Apple’s advisory.

This was possible because “A state management issue existed in the handling of Passbook passes at the lock screen,” Apple says.

The company addressed the problem “through improved handling of Passbook passes.” Anton Tsviatkou is credited as the discoverer here.

A couple of WebKit issues are also disclosed. Notably, they’re the same bugs patched in Safari 6.0.2, because they both reside in WebKit - the app’s page rendering engine on both OS X and iOS.

For the same iDevices, iOS 6.0.2 patches a “time of check to time of use issue” in the handling of JavaScript arrays, as well as a “use after free issue” in the handling of SVG images.