Apple patches-up three major security flaws in iOS 5.1.1
The Iphone, Ipad and Ipod operating system upgrade improves the reliability of using the HDR option for photos taken using the Lock Screen shortcut, addresses bugs that could prevent the new Ipad from switching between 2G and 3G networks, improves Airplay video playback and increases reliability for syncing Safari bookmarks and Reading List.
More importantly, the update patches three major security flaws. The first is address-bar spoofing, to ensure that scammers, phishers and peddlers of malware cannot direct users to bogus web sites pretending to be real.
The second patch addresses cross-site scripting, or XSS, a vunderability that enables attackers to inject client-side scripts into web pages viewed by other users.
The third security flaw fixed in the update is remote code execution, that is, a maliciously crafted web page that might crash your browser in a way that it ends up running program code secretly embedded in the web page.
He said, “Version 5.1.1 is more than just a cosmetic fix: it patches at least three security flaws, all of which should be considered serious.”
“Make sure that HT1222 is updated at the same time as any security-related product update is published, not hours or days later. This will have a positive outcome: your users will apply security fixes more promptly.”
Ducklin also advises that users with jailbroken Apple devices can update too, at least if they have an Idevice with an A4 chip, excluding newer devices such as the Iphone 4S, the Ipad 2 and the other Ipad that came out after the Ipad 2.