[15/12/2011] Apple atualiza builds dos firmwares do iPhone 4S e da AppleTV de 2ª geração, agora no build 9A406. O firmware da AppleTV, que usa nomenclatura diferente do restante dos iOS devices, agora está na versão 4.4.4. Links diretos para ambos os firmwares na tabela abaixo.

Acaba de ser liberado o iOS 5.0.1! As notas de versão informam que foram resolvidos bugs que afetavam a autonomia da bateria e uso do iCloud, melhora o reconhecimento de voz para os usuários que falam inglês com sotaque australiano e também implementa os gestos multi-tarefa no iPadv1. Atenção para que o build final (9a405) é mais recente que o iOS 5.0.1 beta2 (9a404).

A atualização também corrige diversos bugs que levavam a falhas de segurança como o bug da Smart Cover no iPadv2 e a mais notória delas: o problema dos codesigning checks que permitia a execução remota de programas não autorizados, veja maiores detalhes nas correções de segurança abaixo.

A atualização também está disponível via OTA – Over-The-Air, se ainda não apareceu automaticamente no seu iDevice, faça a atualização manual em Preferências/Geral/Atualização de Software e lembre-se que o seu iDevice não inicia uma atualização pelo ar se a bateria estiver abaixo de 50%, conectado via 3G/Edge, ou com uma versão beta do iOS 5.0.1.

- Notas de lançamento:

About iOS 5.0.1 Software Update

 

This update contains improvements and other bug fixes including:

 

• Fixes bugs affecting battery life
• Adds Multitasking Gestures for original iPad
• Resolves bugs with Documents in the Cloud
• Improves voice recognition for Australian users using dictation

 

Products compatible with this software update:

 

• iPhone 4S
• iPhone 4
• iPhone 3GS
• iPad 2
• iPad
• iPod touch (4th generation)
• iPod touch (3rd generation)

 

For information on the security content of this update, please visit this website:

http://support.apple.com/kb/HT1222

- Correções de segurança:

iOS 5.0.1 Software Update

• CFNetwork 

Available for: iOS 3.0 through 5.0 for iPhone 3GS, iPhone 4 and iPhone 4S, iOS 3.1 through 5.0 for iPod touch (3rd generation) and later, iOS 3.2 through 5.0 for iPad, iOS 4.3 through 5.0 for iPad 2

Impact: Visiting a maliciously crafted website may lead to the disclosure of sensitive informationDescription: An issue existed in CFNetwork’s handling of maliciously crafted URLs. When accessing a maliciously crafted HTTP or HTTPS URL, CFNetwork could navigate to an incorrect server.

CVE-IDCVE-2011-3246 : Erling Ellingsen of Facebook

• CoreGraphics

Available for: iOS 3.0 through 5.0 for iPhone 3GS, iPhone 4 and iPhone 4S, iOS 3.1 through 5.0 for iPod touch (3rd generation) and later, iOS 3.2 through 5.0 for iPad, iOS 4.3 through 5.0 for iPad 2Impact: Viewing a document containing a maliciously crafted font may lead to arbitrary code execution

Description: Multiple memory corruption issues existed in FreeType, the most serious of which may lead to arbitrary code execution when processing a maliciously crafted font.

CVE-IDCVE-2011-3439 : Apple

• Data Security

Available for: iOS 3.0 through 5.0 for iPhone 3GS, iPhone 4 and iPhone 4S, iOS 3.1 through 5.0 for iPod touch (3rd generation) and later, iOS 3.2 through 5.0 for iPad, iOS 4.3 through 5.0 for iPad 2Impact: An attacker with a privileged network position may intercept user credentials or other sensitive information

Description: Two certificate authorities in the list of trusted root certificates have independently issued intermediate certificates to DigiCert Malaysia. DigiCert Malaysia has issued certificates with weak keys that it is unable to revoke. An attacker with a privileged network position could intercept user credentials or other sensitive information intended for a site with a certificate issued by DigiCert Malaysia. This issue is addressed by configuring default system trust settings so that DigiCert Malaysia’s certificates are not trusted.

We would like to acknowledge Bruce Morton of Entrust, Inc. for reporting this issue.

• Kernel

Available for: iOS 3.0 through 5.0 for iPhone 3GS, iPhone 4 and iPhone 4S, iOS 3.1 through 5.0 for iPod touch (3rd generation) and later, iOS 3.2 through 5.0 for iPad, iOS 4.3 through 5.0 for iPad 2

Impact: An application may execute unsigned codeDescription: A logic error existed in the mmap system call’s checking of valid flag combinations. This issue may lead to a bypass of codesigning checks. This issue does not affect devices running iOS prior to version 4.3.

CVE-IDCVE-2011-3442 : Charlie Miller of Accuvant Labs

• libinfo

Available for: iOS 3.0 through 5.0 for iPhone 3GS, iPhone 4 and iPhone 4S, iOS 3.1 through 5.0 for iPod touch (3rd generation) and later, iOS 3.2 through 5.0 for iPad, iOS 4.3 through 5.0 for iPad 2

Impact: Visiting a maliciously crafted website may lead to the disclosure of sensitive informationDescription: An issue existed in libinfo’s handling of DNS name lookups. When resolving a maliciously crafted hostname, libinfo could return an incorrect result.

CVE-IDCVE-2011-3441 : Erling Ellingsen of Facebook, Per Johansson of Blocket AB

• Passcode Lock

Available for: iOS 4.3 through 5.0 for iPad 2Impact: A person with physical access to a locked iPad 2 may be able to access some of the user’s data

Description: When a Smart Cover is opened while iPad 2 is confirming power off in the locked state, the iPad does not request a passcode. This allows some access to the iPad, but data protected by Data Protection is inaccessible and apps cannot be launched.

CVE-IDCVE-2011-3440

- Links diretos para as atualizações:

Atualizado em 15/12/11 com o novo firmware para o iPhone 4S e para a AppleTV de 2ª geração.

- Links:

iOS 5.0.1 Software Update
About the security content of iOS 5.0.1 Software Update

Sobre AlexandreTorres

Alexandre Torres já escreveu 833 artigos no AppleSpotlight..

• Posts de AlexandreTorres →
• Blog

Artigos similares: