Apple patches hundreds of flaws in its mobile operating system

Sep 20, 2012 19:41 GMT

iOS 6 is chock-full of new features and enhancements, such as the new Maps application (which has recently been deemed inaccurate), Facebook integration, new Siri capabilities, the new Passbook app, and loads more. But there’s also a security side to the update.

In fact, iOS 6 probably includes the most security patches of any iOS release to date. Going by the support document released by Apple to discuss the security content of iOS 6, the number of exploitable flaws that existed in the operating system is in the hundreds.

Let’s look at a few examples.

An issue in CFNetwork caused iOS to send requests to an incorrect hostname, which resulted in the disclosure of sensitive information.

Over a dozen vulnerabilities were found in FreeType, some of which could lead to arbitrary code execution when processing a maliciously crafted font.

iOS could broadcast MAC addresses of previously accessed networks via the DNAv4 protocol when connecting to a Wi-Fi network.

A couple of low-level kernel bugs are mentioned as well, such as an invalid pointer dereference issue that could allow an attacker to alter kernel memory. Another memory access issue could pave the way for a local user to determine kernel memory layout.

And here’s one that could really get a user confused.

Per Apple’s own description, “A logic issue existed in Mail's handling of attachments. If a subsequent mail attachment used the same Content-ID as a previous one, the previous attachment would be displayed, even in the case where the 2 mails originated from different senders.”

Apple warns in its advisory that, “This could facilitate some spoofing or phishing attacks. This issue was addressed through improved handling of attachments.”
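The Content-ID behaviour quoted above can be modelled in a few lines. This is an added example, not Apple's code: the cache classes and the `local_id` parameter are hypothetical, and scoping the key per message is an assumed fix, since the advisory only says "improved handling of attachments."

```python
from email import message_from_string

def make_mail(sender, cid, attachment_text):
    # Constructed sample: an HTML body that references one inline attachment by cid.
    return message_from_string(
        f"From: {sender}\nMIME-Version: 1.0\n"
        'Content-Type: multipart/related; boundary="b"\n\n'
        f'--b\nContent-Type: text/html\n\n<img src="cid:{cid}">\n'
        f"--b\nContent-Type: text/plain\nContent-ID: <{cid}>\n\n"
        f"{attachment_text}\n--b--\n"
    )

class GlobalCidCache:
    """Models the flaw as described: one attachment cache keyed by Content-ID alone."""
    def __init__(self):
        self._store = {}

    def _key(self, local_id, cid):
        return cid

    def render(self, local_id, msg):
        """Return {Content-ID: attachment text displayed} for one message."""
        shown = {}
        for part in msg.walk():
            cid = part.get("Content-ID")
            if cid is None:
                continue
            key = self._key(local_id, cid)
            # An existing entry wins, so a reused Content-ID shows the older attachment.
            self._store.setdefault(key, part.get_payload().strip())
            shown[cid] = self._store[key]
        return shown

class PerMessageCidCache(GlobalCidCache):
    """Assumed fix: scope the key to the message. local_id is a hypothetical
    identifier the client assigns on receipt, never a sender-controlled header."""
    def _key(self, local_id, cid):
        return (local_id, cid)

def second_mail_shows(cache):
    first = make_mail("a@first.example", "img1@x", "attachment from first sender")
    second = make_mail("b@second.example", "img1@x", "attachment from second sender")
    cache.render(1, first)
    return cache.render(2, second)["<img1@x>"]

if __name__ == "__main__":
    print(second_mail_shows(GlobalCidCache()))      # flawed behaviour
    print(second_mail_shows(PerMessageCidCache()))  # scoped behaviour
```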

Needless to say, iOS 6 is a must-have. If not to see how Maps renders your own city, then at least to patch all these nasty flaws, and many others.