Two WebKit flaws also patched; third-gen iPad left unaffected

May 8, 2012 07:01 GMT

The newly released iOS 5.1.1 for iPhone, iPod touch and iPad contains important fixes that improve the security of each platform, according to a support document on Apple's web site.

This week, Apple rolled out a new software update for all users of its iDevices. While iOS 5.1.1 targets all versions of the iPhone, iPad, and iPod touch, the security side of the update leaves out the third-generation iPad.

A serious Safari flaw impacting iPhone 3GS, iPhone 4, iPhone 4S, iPod touch (3rd generation) and later, iPad, and iPad 2 allowed a maliciously crafted web site to spoof the address in the location bar.

Tricking users into accessing a site in this way is known as “spoofing,” and it’s mostly used by cyber-criminals via spam email.

Apple’s description of the flaw and how iOS 5.1.1 addresses it can be found below:

Safari

Available for: iPhone 3GS, iPhone 4, iPhone 4S, iPod touch (3rd generation) and later, iPad, iPad 2

Impact: A maliciously crafted website may be able to spoof the address in the location bar

Description: A URL spoofing issue existed in Safari. This could be used in a malicious web site to direct the user to a spoofed site that visually appeared to be a legitimate domain. This issue is addressed through improved URL handling. This issue does not affect OS X systems.

CVE-ID

CVE-2012-0674 : David Vieira-Kurz of MajorSecurity (majorsecurity.net)

With that out of the way, two more bugs have been squashed in iOS 5, both of which were present in WebKit, the engine that Safari uses to render web pages on your iPhone’s screen.

One issue could lead to a cross-site scripting attack, the other could result in unexpected application termination or arbitrary code execution.

The flaws are documented below (from Apple’s HT5278 knowledge-base article):

WebKit

Available for: iPhone 3GS, iPhone 4, iPhone 4S, iPod touch (3rd generation) and later, iPad, iPad 2

Impact: Visiting a maliciously crafted website may lead to a cross-site scripting attack

Description: Multiple cross-site scripting issues existed in WebKit.

CVE-ID

CVE-2011-3046 : Sergey Glazunov working with Google's Pwnium contest

CVE-2011-3056 : Sergey Glazunov

WebKit

Available for: iPhone 3GS, iPhone 4, iPhone 4S, iPod touch (3rd generation) and later, iPad, iPad 2

Impact: Visiting a maliciously crafted website may lead to an unexpected application termination or arbitrary code execution

Description: A memory corruption issue existed in WebKit.

CVE-ID

CVE-2012-0672 : Adam Barth and Abhishek Arya of the Google Chrome Security Team

Apple device owners are strongly encouraged to download and install iOS 5.1.1, not just to patch these vulnerabilities, but also to apply the rest of the fixes and improvements included by Apple (documented here).