Apple shipped an update to their IOS mobile platform on Thursday that included patches for a number of security vulnerabilities, including a resolution for a vulnerability that led to the expulsion of renowned security researcher, Charlie Miller, from Apple’s developer program.
As reported by threatpost, Miller recently demonstrated an kernel exploit that allowed him to circumvent the iTunes App Stores’ code-signing restrictions. The multiple Pwn2Own Champion created a benign demo application called Instastock that displayed real-time stock price information, while collecting and transferring data from the IOS device to a server under Miller’s control.
Apple says it has now patched the flaw, which is described in a security bulletin as a “logic error in the mmap system call’s checking of valid flag combinations” _that enabled applications to bypass the company’s codesigning checks. _
__The patch on Thursday also fixed another widely publicized iPad passcode flaw linked to the attached Smart Cover. That security hole allowed users access to the content of a given device without first requiring them to enter a passcode.
Four remaining patches resolve some less well-known vulnerabilities that include: