Apple fixes 27 bugs, revokes bad certificates in iOS update

Apple Inc. has fixed 27 vulnerabilities and revoked a bad certificate in its iOS operating system that can potentially render iPhones, iPads and iPod touch devices vulnerable to hackers, according to an information technology security firm.

 

Security vendor Sophos said iOS 6.1 should be considered a critical update, lest they allow the mobile devices to be remotely compromised.

 

"Some of these fixes have been known for some time. A bug in handling Japanese Unicode characters dates back to 2011 and could lead to a cross-site scripting attack," it noted in a blog post. It also said the update finally addresses bad certificates released by TURKTRUST and discovered last Christmas.

 

On the other hand, it said the fix may be a case of "too little, too late" as the revoked certificates have "already been destroyed and determined to not have been used maliciously."

 

Sophos also noted most of the flaws were in WebKit, the rendering engine used by Apple's Safari browser to display web content.

 

"It is also a very dangerous component to leave vulnerable as it can be attacked by any web page controlled by someone with malicious intent. I would make these updates a priority," it said.

 

Meanwhile, Sophos noted Apple also released an update to the Apple TV bringing its release number to 5.2.

 

"Two responsibly disclosed vulnerabilities were fixed in this release, one of which appears to be intended to prevent jailbreaking," it said.  — ELR, GMA News