iOS 6.1 was posted today. It contains BIG security fixes which I consider to be critical. This update is available for iPhone 3GS through iPhone 5; iPod Touch 4 through iPod Touch 5; iPad 2 through iPad 4. (Sorry iPad 1 users!).
If you check out the notes provided in iTunes, you'd never know about any security fixes unless you clicked the link at the end of Apple's brief notes:
For information on the security content of this update, please visit this website:Which then provides a link to here:
Thankfully, Apple provide nice summaries of the CVE issues involved (as opposed to our pals at Oracle regarding Java :-P).
My quick list of problems fixed by iOS 6.1,
with my comments in [brackets]:
Identity Services: Bypass of certificate authorization of an AppleID.
International Components for Unicode: Malicious website cross-site scripting attack.
Kernel: Faulty kernel memory access.
Security: Interception of user credentials and further information due to bad TURKTRUST issued security certificates. [DC- Oh look, yet-another BAD security certificate authority]
WebKit Memory Corruption: 20 memory corruption flaws allowing unexpected application termination or arbitrary code execution. [DC- IOW, potential PWNing of your WebKit browser]
WebKit Content Pasting Validation: Pasting of content onto malicious websites leading to cross-site scripting attack.
WebKit Frame Elements: A cross-site scripting issue in the handling of frame elements leading to cross-site scripting attack.
WiFi: Temporary disablement of WiFi by a remote attacker on the same WiFi network. Caused by Broadcom's BCM4325 and BCM4329 firmware reading out of bounds when handling 802.11i information elements.
No surprise, the majority of issues involve memory management flaws, the continuing plague of modern programming languages and methods.
I suggest updating ASAP. It's always a good idea to have some free space available on your iOS device, especially when updating iOS.
Today I thankfully have not run into any bogged down access to the update. But my iPod Touch 4 booted five times before the update was complete. There is also a new setup process for iCloud required after the update. All went well.
Oh and BTW: The number of malware affecting iOS remains at zero.
(Unless of course you've cracked your iOS device. Then you're on your own. The number of affecting malware is unknown.)