Apple Update Fixes iPhone Security Flaws

/ Source: TechNewsDaily

With iOS 6.0.1, which hit mobile devices yesterday (Nov. 1), Apple is patching four security flaws that rolled out to millions of customers in September.

The biggest fix, according to Kaspersky's Threatpost security blog, was for a kernel flaw that affected iPhone 3GS and later models, all iPads except the original and the iPod Touch.

The flaw had the potential to be exploited by an attacker seeking to steal address book and browsing data, the official Apple support document noted.

The update also shored up a passcode-lock protection feature in the Passbook app.

Also included were two patches to Mobile Safari. The first added JavaScript validation to better protect users from infection by malicious code hidden on webpages, a flaw discovered by two young Dutch researchers in September.

The other protects users from a more exotic attack, this one by a malicious image. The same flaw recently netted teenage hacker "Pinkie Pie"  $60,000 from Google. (Safari shares underlying components with Google's Chrome browser.)

Customers who opted not to update to iOS 6 because of Apple's flawed Maps software will remain vulnerable to these attacks. Apple customers who own a compatible mobile device are advised to always stay up to date with the latest version of iOS.