Apple’s iOS 5.0.1 is out

Apple’s latest iOS update is out.

The new version bumps iOS5 up to 5.0.1, and is Apple’s first OTA update.

OTA stands for “over-the-air”, and means that you can download and apply the update directly from your iDevice.

You no longer need to download the entire firmware file to your computer – including yet another copy of everything which hasn’t changed in iOS – and push it to your device.

(OTA updating isn’t yet mandatory. If you prefer to keep full copies of each iOS firmware distro, you can still use the download-and-install-with-iTunes method.)

According to Apple, the highlights of the 5.0.1 update are that it:

* fixes bugs affecting battery life,

* adds Multitasking Gestures for the original iPad,

* resolves bugs with Documents in the Cloud, and

* improves voice recognition for Australian users using dictation.

Strewth! That last one’s a bonzer boost for blokes and sheilas everywhere! Gives an Aussie something worth lifting a tinnie to after the Baggy Green got such a big hiding from the South Africans in the cricket!

Importantly, 5.0.1 also fixes a number of security flaws, including a remote code execution (RCE) vulnerability involving font handling, found by Erling Ellingsen of Facebook. RCE means that a cybercriminal might be able to trick your device into running software without asking you, even if you’re just browsing the internet.

Interestingly, Charlie Miller’s recent and controversial App Store hole has also been patched. Miller showed how to write an innocent-looking App which, once approved by Apple, could fetch and run unapproved software.

Miller was unceremoniously banned from the Apple Developer scene for at least a year; there’s no word from Apple, however, on whether he’ll be readmitted now the hole is fixed.

Jailbreakers will be pleased to note that devices suitable for running a jailbroken iOS5 – a list which sadly still excludes the iPhone 4GS and the iPad 2 – can happily run a jailbroken iOS5.0.1.

If you are a jailbreaker, however, note that there is not yet any way to go back to iOS5.0 once you’ve moved on to 5.0.1.

That means that you’ll never be able to use Charlie Miller’s code-signing vulnerability for jailbreaking purposes in the future, for example if an iPad 2 jailbreak appears which relies on it.

And that leaves us with one question: should you update?

Some reports suggest that 5.0.1 brings with it a raft of new problems, and that the update might not, after all, fix your battery issues.

But these complaints are still anecdotal and unscientific, so if you trust Apple and you’re not into jailbreaking, I’d suggest updating to 5.0.1 as soon as you conveniently can.

Ellingsen’s and Miller’s vulnerabilities may not have made it to Apple’s highlights list, but each of these bugs on its own can be considered sufficiently important to warrant a prompt update.



PS. The iOS 5.0.1 image comes from http://cydiahelp.com/.

Article source: http://feedproxy.google.com/~r/nakedsecurity/~3/45V_C2Ph7TU/

View full post on National Cyber Security