Apple Releases iOS 5 For Download
Category: Tablets, Smartphones, Notebooks
Apple yesterday released iOS 5 for download and also disclosed the vulnerability update list for the new version to its security-announce mailing list. It details 96 separate vulnerabilities fixed in iOS 5 over previous versions of iOS.
New versions with security fixes were also announced for iTunes, Apple TV, OS X, Safari, and both Numbers and Pages for iOS. The total vulnerability count is 186, possibly a record.
The iOS updates are varied and many are highly critical. A large number of them are fixes to the Safari web browser and the WebKit engine on which it (and other browsers such as Google Chrome) is based. Nearly all of these same Safari and WebKit updates also apply to the OS X and Windows versions of Safari. So upgrading to iOS 5 might not be worth it just for the features. It should make you safer.
While you're waiting for iOS 5 to install (a process which we're told takes quite a while) make sure to check Software Update on your Mac or Windows system to apply fixes there.
It is also not unusual for Apple to issue fixes for very old vulnerabilities. In this batch we have CVE-2009-4022, an unspecified tw-year-old vulnerability in many 9.x versions of BIND, ISC's DNS server. In some configurations, the server is vulnerable to DNS cache-poisoning attacks, which allow users on the network to impersonate one another.
Follow Larry Seltzer and BYTE on Twitter, Facebook, LinkedIn, and Google+: