Apple just released the latest update for its iOS devices, v5.1.1, in which it address three big security fixes.
The first fix is for a flaw that allows for the address bar to be spoofed in such a way as to trick a user into thinking they are on a certain website, when in fact they are on a completely different site. The address bar should not be spoof-able for this reason, as spammers and malware peddlers could use this flaw as part of an attack.
The second fix is for a cross site scripting (XSS) flaw that could be used to recover session authentication data or other information stored legitimately by a website in the browser. Such information could be used to impersonate a user online.
The third fix is for a remote code execution bug that could be used to push malware or other nasty code to your device without you even knowing about it, just by landing on a page that was crafted to exploit the flaw.
Written by: James Delahunty @ 9 May 2012 1:22
