Tag Archive: iPhone 5.0.1 Unlock


Apple patches serious security holes in iOS devices

Apple has shipped a high-priority iOS update to fix multiple security holes affecting the browser used on iPhones, iPads and iPod Touch devices.

The iOS 5.1.1 update fixes four separate vulnerabilities, including one that could be used to take complete control of an affected device.

Here’s the skinny of this batch of updates:

  • A URL spoofing issue existed in Safari. This could be used in a malicious web site to direct the user to a spoofed site that visually appeared to be a legitimate domain. This issue is addressed through improved URL handling. This issue does not affect OS X systems.
  • Multiple security holes in the open-source WebKit rendering engine. These could lead to cross-site scripting attacks from maliciously crafted web sites. These vulnerabilities were used during Google’s Pwnium contest at this year’s CanSecWest conference.
  • A memory corruption issue in WebKit. Visiting a maliciously crafted website may lead to an unexpected application termination or arbitrary code execution. This issue was discovered and reported by Google’s security team.

This patch is only available via iTunes. To check that the iPhone, iPod touch, or iPad has been updated:

  1. Navigate to Settings
  2. Select General
  3. Select About. The version after applying this update will be “5.1.1″.

Ryan says: As always, do not update to 5.1.1 if your iPhone is unlocked or jailbroken already or if you plan doing this in the future.

iOS loophole gives developers access to photos, sources say a fix is coming

Another day, another iOS security concern. Today’s confidence-defeating news comes from Nick Bilton at the New York Times. Bilton writes at the paper’s Bits blog that a loophole has been discovered in iOS which allows third-party developers access to your iPhone, iPad, or iPod touch’s photo and video location data… as well as the actual photos and videos themselves. It appears that if an app asks for photo location data on your device (and you approve the request for permission), that application will also be able to slurp down the photos and videos stored on your phone without any further notification. The Times report mirrors an earlier story from 9to5 Mac which detailed security issues on the platform.

Bilton had an unnamed developer create a dummy application which would replicate the offending functionality, and the developer was able to easily poach location information as well as photos and video from a test device. Other developers — such as Curio co-founder David E. Chen — sounded off on the issue. Chen told the Times that, “The location history, as well as your photos and videos, could be uploaded to a server. Once the data is off of the iOS device, Apple has virtually no ability to monitor or limit its use.” Camera+ developer John Casasanta said that, “It’s very strange, because Apple is asking for location permission, but really what it is doing is accessing your entire photo library.” The article also suggests that this loophole may have been introduced with the release of iOS 4 in 2010.

We reached out to Apple about the issue, but the company declined to comment.

All hope might not be lost, however. We spoke to sources familiar with the situation, and were informed that a fix is most likely coming for the loophole. According to the people we talked to, Apple has been made aware of the issue and is likely planning a fix with an upcoming release of iOS. Those sources also confirmed that the ability to send your photos and videos to a third-party is an error, not an intended feature. If we had to guess, the fix will likely come alongside a patch for Apple’s other recent security issue — the ability for apps to upload your address book information without warning.

This story has clear echoes of that controversy, which came to light when a developer discovered that the app Path was downloading all of your device’s contact information to the company’s servers. In a follow-up report, we discovered that Path wasn’t the only app grabbing your info.

It will be interesting to see how Apple reacts to security breaches of this nature in the future. The company has long made it clear that it’s working to respect user’s privacy; at a glance it looks like these recent slip-ups are exceptions, not the rule.

Source: The Verge