Apple has fixed dozens of security vulnerabilities in iOS with the release of version 6.1, including a serious flaw in the kernel and a number of bugs in the WebKit framework. The company also revoked trust in the bad TurkTrust certificates that were discovered late last year.
One of the key vulnerabilities fixed in iOS 6.1 is in the operating system’s kernel and could enable an attacker to access kernel memory. The vulnerability was discovered by Mark Dowd of Azimuth Security, who presented it at the Hack in the Box security conference last year.
“The iOS kernel has checks to validate that the user-mode pointer and length passed to the copyin and copyout functions would not result in a user-mode process being able to directly access kernel memory. The checks were not being used if the length was smaller than one page. This issue was addressed through additional validation of the arguments to copyin and copyout,” the Apple advisory says.
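The class of bug the advisory describes can be modeled in user-space C, with the skipped check beside the corrected one. This is an added example, not Apple's kernel code: the function names, the page size and the kernel base address are assumptions chosen for the model, and the inputs are constructed.

```c
#include <stdbool.h>
#include <stdint.h>
#include <stdio.h>

/* Assumed values for this model only, not the real iOS memory layout. */
#define MODEL_PAGE_SIZE   0x1000u
#define MODEL_KERNEL_BASE 0x80000000u  /* addresses at or above this are "kernel" */

/* True when [addr, addr + len) lies wholly below the kernel base. */
static bool range_is_user(uint32_t addr, uint32_t len)
{
    if (len == 0)
        return true;                      /* nothing would be copied */
    if (addr > UINT32_MAX - (len - 1))
        return false;                     /* end address would wrap around */
    return addr + (len - 1) < MODEL_KERNEL_BASE;
}

/* Flawed pattern from the advisory: no check for lengths under one page. */
bool model_check_flawed(uint32_t user_addr, uint32_t len)
{
    if (len < MODEL_PAGE_SIZE)
        return true;
    return range_is_user(user_addr, len);
}

/* Corrected pattern: the range is validated for every length. */
bool model_check_fixed(uint32_t user_addr, uint32_t len)
{
    return range_is_user(user_addr, len);
}

int main(void)
{
    /* Constructed test inputs: {address, length}. */
    static const uint32_t cases[][2] = {
        {0x00010000u, 0x40u},    /* ordinary user buffer */
        {0x80001000u, 0x40u},    /* kernel address, short length */
        {0x7ffffff0u, 0x20u},    /* short copy straddling the boundary */
        {0x80001000u, 0x2000u},  /* kernel address, multi-page length */
        {0xfffffff0u, 0x2000u},  /* range that wraps past the top of memory */
    };
    for (size_t i = 0; i < sizeof cases / sizeof cases[0]; i++)
        printf("addr=0x%08x len=0x%04x flawed=%d fixed=%d\n",
               (unsigned)cases[i][0], (unsigned)cases[i][1],
               model_check_flawed(cases[i][0], cases[i][1]),
               model_check_fixed(cases[i][0], cases[i][1]));
    return 0;
}
```

The two checks disagree only on the sub-page cases, which is why a length-gated validation can pass ordinary testing with large buffers.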
In addition to the kernel bug and the revocation of trust in the TurkTrust certificates, Apple also patched more than 20 flaws in the WebKit framework. The majority of those vulnerabilities are memory-corruption bugs, but there also are patches for two cross-site scripting flaws included in iOS 6.1. Many of the WebKit vulnerabilities were discovered by members of the Google Chrome security team.
Here’s the list of WebKit flaws fixed in iOS 6.1:
Multiple memory corruption issues existed in WebKit. These issues were addressed through improved memory handling.
CVE-ID
CVE-2012-2857 : Arthur Gerkis
CVE-2012-3606 : Abhishek Arya (Inferno) of the Google Chrome Security Team
CVE-2012-3607 : Abhishek Arya (Inferno) of the Google Chrome Security Team
CVE-2012-3621 : Skylined of the Google Chrome Security Team
CVE-2012-3632 : Abhishek Arya (Inferno) of the Google Chrome Security Team
CVE-2012-3687 : kuzzcc
CVE-2012-3701 : Abhishek Arya (Inferno) of the Google Chrome Security Team
CVE-2013-0948 : Abhishek Arya (Inferno) of the Google Chrome Security Team
CVE-2013-0949 : Abhishek Arya (Inferno) of the Google Chrome Security Team
CVE-2013-0950 : Abhishek Arya (Inferno) of the Google Chrome Security Team
CVE-2013-0951 : Apple
CVE-2013-0952 : Abhishek Arya (Inferno) of the Google Chrome Security Team
CVE-2013-0953 : Abhishek Arya (Inferno) of the Google Chrome Security Team
CVE-2013-0954 : Dominic Cooney of Google and Martin Barbella of the Google Chrome Security Team
CVE-2013-0955 : Apple
CVE-2013-0956 : Apple Product Security
CVE-2012-2824 : miaubiz
CVE-2013-0958 : Abhishek Arya (Inferno) of the Google Chrome Security Team
CVE-2013-0959 : Abhishek Arya (Inferno) of the Google Chrome Security Team
CVE-2013-0968 : Aaron Nelson
Users can install the new iOS update by going to Settings and selecting General and then Software Update.