CEO Tim Cook speaks during an Apple event in San Francisco, California
CEO Tim Cook speaks during an Apple event in San Francisco, California

The release of the new iOS 5.1 update accompanied the launch of the New iPad. The new software update includes multi-language dictation (in French, German and Japanese), camera enhancements, bug fixes for battery-life and drop in audio levels with outgoing calls and more.

iOS 5.1 software update also features a bunch of key security updates affecting all iOS devices including iPhone 3GS, iPhone 4, iPhone 4S, iPod touch (3rd generation) and later, iPad, iPad 2. Pod 2g and the elite jailbreak dream team - MuscleNerd, Joshua Hill, P0sixninja, PlanetBeing and Saurik, have been credited by Apple for their valuable exploits in unearthing potential security bugs on the iOS platform, pertaining to File System, Kernel and VPN (Virtual Private Network).

Take a look at some of the key security issues addressed by the new iOS 5.1 software update:

iOS 5.1 Security Update

CFNetwork

Products Affected: iPhone 3GS, iPhone 4, iPhone 4S, iPod touch (3rd generation) and later, iPad, iPad 2

Exploit: Visiting a maliciously crafted website may lead to the disclosure of sensitive information

Description: An issue existed in CFNetwork's handling of malformed URLs. When accessing a maliciously crafted URL, CFNetwork could send unexpected request headers.

Credit: Erling Ellingsen of Facebook

HFS

Products Affected: iPhone 3GS, iPhone 4, iPhone 4S, iPod touch (3rd generation) and later, iPad, iPad 2

Exploit: Mounting a maliciously crafted disk image may lead to a device shutdown or arbitrary code execution

Description: An integer underflow existed with the handling of HFS catalog files.

Credit: pod2g

Kernel

Products Affected: iPhone 3GS, iPhone 4, iPhone 4S, iPod touch (3rd generation) and later, iPad, iPad 2

Exploit: A malicious program could bypass sandbox restrictions

Description: A logic issue existed in the handling of debug system calls. This may allow a malicious program to gain code execution in other programs with the same user privileges.

Credit: 2012 iOS Jailbreak Dream Team

Safari

Products Affected: iPhone 3GS, iPhone 4, iPhone 4S, iPod touch (3rd generation) and later, iPad, iPad 2

Exploit: Web page visits may be recorded in browser history even when Private Browsing is active

Description: Safari's Private Browsing is designed to prevent recording of a browsing session. Pages visited as a result of a site using the JavaScript methods pushState or replaceState were recorded in the browser history even when Private Browsing mode was active. This issue is addressed by not recording such visits when Private Browsing is active.

Credit: Eric Melville of American Express

Siri

Products Affected: iPhone 3GS, iPhone 4, iPhone 4S, iPod touch (3rd generation) and later, iPad, iPad 2

Exploit: An attacker with physical access to a locked phone could get access to frontmost email message

Description: A design issue existed in Siri's lock screen restrictions. If Siri was enabled for use on the lock screen, and Mail was open with a message selected behind the lock screen, a voice command could be used to send that message to an arbitrary recipient. This issue is addressed by disabling forwarding of active messages from the lock screen.

VPN

Products Affected: iPhone 3GS, iPhone 4, iPhone 4S, iPod touch (3rd generation) and later, iPad, iPad 2

Exploit: A maliciously crafted system configuration file may lead to arbitrary code execution with system privileges

Description: A format string vulnerability existed in the handling of racoon configuration files.

Credit: Pod2g

Check out the other key security updates that made the final cut with the iOS 5.1 software update here.