20 Mar 2012
09 May 2012
This covers vulnerabilities where malicious people are able to gain system access and execute arbitrary code with the privileges of a local user.
This covers vulnerabilities or security issues where malicious users or people can bypass certain security mechanisms of the application.
The actual impact varies significantly depending on the design and purpose of the affected application.
This covers various vulnerabilities where it is possible for malicious users or people to impersonate other users or systems.
Multiple vulnerabilities have been reported in Apple iOS, which can be exploited by malicious people to conduct spoofing attacks, bypass certain security restrictions, and compromise a user's system.
1) An error within Safari when opening a new window using "window.open()" can be exploited to display arbitrary content while showing the URL of a trusted web site in the address bar.
This vulnerability is confirmed in iOS version 5.1 (9B176) on iPhone 4 and 4th generation iPod touch. Other versions and devices may also be affected.
2) Some vulnerabilities are caused due to a bundled vulnerable version of WebKit.
3) An error within the WebKit component can be exploited to corrupt memory.
Successful exploitation of vulnerabilities #2 and #3 may allow execution of arbitrary code.
Apply iOS 5.1.1 Software Update.
1) David Vieira-Kurz, MajorSecurity.