Michelle Steiner

APPLE-SA-2011-11-10-1 iOS 5.0.1 Software Update

iOS 5.0.1 Software Update is now available and addresses the
following:

CFNetwork
Available for: Â*iOS 3.0 through 5.0 for iPhone 3GS,
iPhone 4 and iPhone 4S,
iOS 3.1 through 5.0 for iPod touch (3rd generation) and later,
iOS 3.2 through 5.0 for iPad, iOS 4.3 through 5.0 for iPad 2
Impact: Â*Visiting a maliciously crafted website may lead to the
disclosure of sensitive information
Description: Â*An issue existed in CFNetwork's handling of maliciously
crafted URLs. When accessing a maliciously crafted HTTP or HTTPS URL,
CFNetwork could navigate to an incorrect server.
CVE-ID
CVE-2011-3246 : Erling Ellingsen of Facebook

CoreGraphics
Available for: Â*iOS 3.0 through 5.0 for iPhone 3GS,
iPhone 4 and iPhone 4S,
iOS 3.1 through 5.0 for iPod touch (3rd generation) and later,
iOS 3.2 through 5.0 for iPad, iOS 4.3 through 5.0 for iPad 2
Impact: Â*Viewing a document containing a maliciously crafted font may
lead to arbitrary code execution
Description: Â*Multiple memory corruption issues existed in FreeType,
the most serious of which may lead to arbitrary code execution when
processing a maliciously crafted font.
CVE-ID
CVE-2011-3439 : Apple

Data Security
Available for: Â*iOS 3.0 through 5.0 for iPhone 3GS,
iPhone 4 and iPhone 4S,
iOS 3.1 through 5.0 for iPod touch (3rd generation) and later,
iOS 3.2 through 5.0 for iPad, iOS 4.3 through 5.0 for iPad 2
Impact: Â*An attacker with a privileged network position may intercept
user credentials or other sensitive information
Description: Â*Two certificate authorities in the list of trusted root
certificates have independently issued intermediate certificates to
DigiCert Malaysia. DigiCert Malaysia has issued certificates with
weak keys that it is unable to revoke. An attacker with a privileged
network position could intercept user credentials or other sensitive
information intended for a site with a certificate issued by DigiCert
Malaysia. This issue is addressed by configuring default system trust
settings so that DigiCert Malaysia's certificates are not trusted. We
would like to acknowledge Bruce Morton of Entrust, Inc. for reporting
this issue.

Kernel
Available for: Â*iOS 3.0 through 5.0 for iPhone 3GS,
iPhone 4 and iPhone 4S,
iOS 3.1 through 5.0 for iPod touch (3rd generation) and later,
iOS 3.2 through 5.0 for iPad, iOS 4.3 through 5.0 for iPad 2
Impact: Â*An application may execute unsigned code
Description: Â*A logic error existed in the mmap system call's
checking of valid flag combinations. This issue may lead to a bypass
of codesigning checks. This issue does not affect devices running
iOS prior to version 4.3.
CVE-ID
CVE-2011-3442 : Charlie Miller of Accuvant Labs

libinfo
Available for: Â*iOS 3.0 through 5.0 for iPhone 3GS,
iPhone 4 and iPhone 4S,
iOS 3.1 through 5.0 for iPod touch (3rd generation) and later,
iOS 3.2 through 5.0 for iPad, iOS 4.3 through 5.0 for iPad 2
Impact: Â*Visiting a maliciously crafted website may lead to the
disclosure of sensitive information
Description: Â*An issue existed in libinfo's handling of DNS name
lookups. When resolving a maliciously crafted hostname, libinfo could
return an incorrect result.
CVE-ID
CVE-2011-3441 : Erling Ellingsen of Facebook, Per Johansson of
Blocket AB

Passcode Lock
Available for: Â*iOS 4.3 through 5.0 for iPad 2
Impact: Â*A person with physical access to a locked iPad 2 may be able
to access some of the user's data
Description: Â*When a Smart Cover is opened while iPad 2 is confirming
power off in the locked state, the iPad does not request a passcode.
This allows some access to the iPad, but data protected by Data
Protection is inaccessible and apps cannot be launched.
CVE-ID
CVE-2011-3440

--
Tea Party Patriots is to Patriotism as
People's Democratic Republic is to Democracy.

Michelle Steiner

In article <michelle-830E2F.11554710112011@news.eternal-september.org>,
Michelle Steiner <michelle@michelle.org> wrote:

> APPLE-SA-2011-11-10-1 iOS 5.0.1 Software Update

And it can be installed over the internet without using a computer and
iTunes, just like Apple said it would.

--
Tea Party Patriots is to Patriotism as
People's Democratic Republic is to Democracy.

Lloyd E Parsons

On 11/10/11 12:57 PM, Michelle Steiner wrote:
> In article<michelle-830E2F.11554710112011@news.eternal-september.org>,
> Michelle Steiner<michelle@michelle.org> wrote:
>
>> APPLE-SA-2011-11-10-1 iOS 5.0.1 Software Update
>
> And it can be installed over the internet without using a computer and
> iTunes, just like Apple said it would.
>
Yes, it sure is.

And one of the things it says it does is add multi-gestures to the
original iPad... Nice..


--
Lloyd

jc

In addition to these issues, the big thing is that it addresses the
battery problems.

-jc

On Nov 10, 12:55*pm, Michelle Steiner <miche...@michelle.org> wrote:
> APPLE-SA-2011-11-10-1 iOS 5.0.1 Software Update
>
> iOS 5.0.1 Software Update is now available and addresses the
> following:
>
> CFNetwork
> Available for: *iOS 3.0 through 5.0 for iPhone 3GS,
> iPhone 4 and iPhone 4S,
> iOS 3.1 through 5.0 for iPod touch (3rd generation) and later,
> iOS 3.2 through 5.0 for iPad, iOS 4.3 through 5.0 for iPad 2
> Impact: *Visiting a maliciously crafted website may lead to the
> disclosure of sensitive information
> Description: *An issue existed in CFNetwork's handling of maliciously
> crafted URLs. When accessing a maliciously crafted HTTP or HTTPS URL,
> CFNetwork could navigate to an incorrect server.
> CVE-ID
> CVE-2011-3246 : Erling Ellingsen of Facebook
>
> CoreGraphics
> Available for: *iOS 3.0 through 5.0 for iPhone 3GS,
> iPhone 4 and iPhone 4S,
> iOS 3.1 through 5.0 for iPod touch (3rd generation) and later,
> iOS 3.2 through 5.0 for iPad, iOS 4.3 through 5.0 for iPad 2
> Impact: *Viewing a document containing a maliciously crafted font may
> lead to arbitrary code execution
> Description: *Multiple memory corruption issues existed in FreeType,
> the most serious of which may lead to arbitrary code execution when
> processing a maliciously crafted font.
> CVE-ID
> CVE-2011-3439 : Apple
>
> Data Security
> Available for: *iOS 3.0 through 5.0 for iPhone 3GS,
> iPhone 4 and iPhone 4S,
> iOS 3.1 through 5.0 for iPod touch (3rd generation) and later,
> iOS 3.2 through 5.0 for iPad, iOS 4.3 through 5.0 for iPad 2
> Impact: *An attacker with a privileged network position may intercept
> user credentials or other sensitive information
> Description: *Two certificate authorities in the list of trusted root
> certificates have independently issued intermediate certificates to
> DigiCert Malaysia. DigiCert Malaysia has issued certificates with
> weak keys that it is unable to revoke. An attacker with a privileged
> network position could intercept user credentials or other sensitive
> information intended for a site with a certificate issued by DigiCert
> Malaysia. This issue is addressed by configuring default system trust
> settings so that DigiCert Malaysia's certificates are not trusted. We
> would like to acknowledge Bruce Morton of Entrust, Inc. for reporting
> this issue.
>
> Kernel
> Available for: *iOS 3.0 through 5.0 for iPhone 3GS,
> iPhone 4 and iPhone 4S,
> iOS 3.1 through 5.0 for iPod touch (3rd generation) and later,
> iOS 3.2 through 5.0 for iPad, iOS 4.3 through 5.0 for iPad 2
> Impact: *An application may execute unsigned code
> Description: *A logic error existed in the mmap system call's
> checking of valid flag combinations. This issue may lead to a bypass
> of codesigning checks. This issue does not affect devices running
> iOS prior to version 4.3.
> CVE-ID
> CVE-2011-3442 : Charlie Miller of Accuvant Labs
>
> libinfo
> Available for: *iOS 3.0 through 5.0 for iPhone 3GS,
> iPhone 4 and iPhone 4S,
> iOS 3.1 through 5.0 for iPod touch (3rd generation) and later,
> iOS 3.2 through 5.0 for iPad, iOS 4.3 through 5.0 for iPad 2
> Impact: *Visiting a maliciously crafted website may lead to the
> disclosure of sensitive information
> Description: *An issue existed in libinfo's handling of DNS name
> lookups. When resolving a maliciously crafted hostname, libinfo could
> return an incorrect result.
> CVE-ID
> CVE-2011-3441 : Erling Ellingsen of Facebook, Per Johansson of
> Blocket AB
>
> Passcode Lock
> Available for: *iOS 4.3 through 5.0 for iPad 2
> Impact: *A person with physical access to a locked iPad 2 may be able
> to access some of the user's data
> Description: *When a Smart Cover is opened while iPad 2 is confirming
> power off in the locked state, the iPad does not request a passcode.
> This allows some access to the iPad, but data protected by Data
> Protection is inaccessible and apps cannot be launched.
> CVE-ID
> CVE-2011-3440
>
> --
> Tea Party Patriots is to Patriotism as
> People's Democratic Republic is to Democracy.

JKConey

"Michelle Steiner" wrote in message
news:michelle-830E2F.11554710112011@news.eternal-september.org...

APPLE-SA-2011-11-10-1 iOS 5.0.1 Software Update

iOS 5.0.1 Software Update is now available and addresses the
following:

>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>> >


DO NOT update to this if you're interested in an untethered jailbreak
anytime soon. I read there's a hole in 5.0 that was covered up in 5.0.1

salgud

On Thu, 10 Nov 2011 11:57:01 -0700, Michelle Steiner wrote:

> In article <michelle-830E2F.11554710112011@news.eternal-september.org>,
> Michelle Steiner <michelle@michelle.org> wrote:
>
>> APPLE-SA-2011-11-10-1 iOS 5.0.1 Software Update
>
> And it can be installed over the internet without using a computer and
> iTunes, just like Apple said it would.

I'm guessing you have to have iCloud running to do that, don't you?

Alan Browne

On 2011-11-10 13:57 , Michelle Steiner wrote:
> In article<michelle-830E2F.11554710112011@news.eternal-september.org>,
> Michelle Steiner<michelle@michelle.org> wrote:
>
>> APPLE-SA-2011-11-10-1 iOS 5.0.1 Software Update
>
> And it can be installed over the internet without using a computer and
> iTunes, just like Apple said it would.

Yep - doing it via WiFi.


--
gmail originated posts filtered due to spam.

Alan Browne

On 2011-11-10 13:57 , Michelle Steiner wrote:
> In article<michelle-830E2F.11554710112011@news.eternal-september.org>,
> Michelle Steiner<michelle@michelle.org> wrote:
>
>> APPLE-SA-2011-11-10-1 iOS 5.0.1 Software Update
>
> And it can be installed over the internet without using a computer and
> iTunes, just like Apple said it would.

Did the DL by WiFi but refused to install with the battery at less than 50%.


--
gmail originated posts filtered due to spam.

salgud

On Thu, 10 Nov 2011 15:31:16 -0500, Alan Browne wrote:

> On 2011-11-10 13:57 , Michelle Steiner wrote:
>> In article<michelle-830E2F.11554710112011@news.eternal-september.org>,
>> Michelle Steiner<michelle@michelle.org> wrote:
>>
>>> APPLE-SA-2011-11-10-1 iOS 5.0.1 Software Update
>>
>> And it can be installed over the internet without using a computer and
>> iTunes, just like Apple said it would.
>
> Did the DL by WiFi but refused to install with the battery at less than 50%.

Probably not a good thing to run out of juice just as an OS upgrade is
installing!

Michelle Steiner

In article <JZadnY_ADtcJqSHTnZ2dnUVZ_iwAAAAA@giganews.com>,
Alan Browne <alan.browne@FreelunchVideotron.ca> wrote:

> > And it can be installed over the internet without using a computer and
> > iTunes, just like Apple said it would.
>
> Did the DL by WiFi but refused to install with the battery at less than
> 50%.

I had mine plugged in when I did it.

--
Tea Party Patriots is to Patriotism as
People's Democratic Republic is to Democracy.